Description
A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The attack may be performed from remote.
References (4)
Core 4
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.328809
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.328809
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.669928
Various Sources related
https://github.com/lakshayyverma/CVE-Discovery/blob/main/Nucleoid.md
Scores
CVSS v3
7.3
EPSS
0.0004
EPSS Percentile
13.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (11)
NucleoidAI/Nucleoid
0.7.0
NucleoidAI/Nucleoid
0.7.1
NucleoidAI/Nucleoid
0.7.10
NucleoidAI/Nucleoid
0.7.2
NucleoidAI/Nucleoid
0.7.3
NucleoidAI/Nucleoid
0.7.4
NucleoidAI/Nucleoid
0.7.5
NucleoidAI/Nucleoid
0.7.6
NucleoidAI/Nucleoid
0.7.7
NucleoidAI/Nucleoid
0.7.8
... and 1 more
Published
Oct 16, 2025
Tracked Since
Feb 18, 2026