CVE-2026-30404

HIGH

wgcloud v3.6.3 - SSRF

Title source: llm

Description

The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations.

References (2)

https://github.com/tianshiyeben/wgcloud/issues/98

https://github.com/TTTlw1024/qwe/issues/3

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 12.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-918

Status published

Published Mar 19, 2026

Tracked Since Mar 19, 2026