cvedb.io
CVE-2026-56769
HIGH · CVSS 8.5
EPSS exploitation probability: 0%
Published 2026-06-25T19:16:43.973 · Last modified 2026-06-25T19:50:55.403

Summary

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal services, exfiltrate responses, and replay credentials against backend systems.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.