CVE-2026-25991

HIGH

Tandoor Recipes <2.5.1 - SSRF

Title source: llm

Description

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL after following HTTP redirects, allowing any authenticated user (including standard users without administrative privileges) to force the server to connect to arbitrary internal or external resources. The vulnerability lies in cookbook/integration/cookmate.py, within the Cookmate integration class. This vulnerability can be leveraged to scan internal network ports, access cloud instance metadata (e.g., AWS/GCP Metadata Service), or disclose the server's real IP address. This vulnerability is fixed in 2.5.1.

Exploits (2)

github STUB 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-25991
nomisec STUB 1 stars
by drkim-dev · poc
https://github.com/drkim-dev/CVE-2026-25991

References (3)

Scores

CVSS v3 7.7
EPSS 0.0004
EPSS Percentile 13.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-918
Status published
Products (1)
tandoor/recipes < 2.5.1
Published Feb 13, 2026
Tracked Since Feb 18, 2026