CVE-2026-13316
MEDIUMForeman: ssrf to cloud metada service through unvalidated test_url parameters in foreman config
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-13316. PoCs published by HermesNA-1.
AI-analyzed exploit summary This repository contains an auto-generated placeholder module for CVE-2026-13316, a Server-Side Request Forgery (SSRF) vulnerability in Foreman. The code includes a basic connectivity check but lacks actual exploit implementation, referencing only external sources for details.
Description
A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component.
Exploits (1)
This repository contains an auto-generated placeholder module for CVE-2026-13316, a Server-Side Request Forgery (SSRF) vulnerability in Foreman. The code includes a basic connectivity check but lacks actual exploit implementation, referencing only external sources for details.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N