CVE-2026-32096

CRITICAL LAB

Plunk < 0.7.0 - Unauthenticated Server-Side Request Forgery via SNS Webhook

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-32096. PoCs published by andrebhu.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-32096, demonstrating an SSRF vulnerability in the Plunk API endpoint `/webhooks/sns` due to lack of AWS SNS signature validation. The exploit includes a Docker Compose environment for local reproduction, a listener script to capture SSRF callbacks, and a bash script to trigger the vulnerability.

Description

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to any host accessible from the server. This vulnerability is fixed in 0.7.0.

Exploits (1)

nomisec WORKING POC

by andrebhu · poc

https://github.com/andrebhu/CVE-2026-32096

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-32096, demonstrating an SSRF vulnerability in the Plunk API endpoint `/webhooks/sns` due to lack of AWS SNS signature validation. The exploit includes a Docker Compose environment for local reproduction, a listener script to capture SSRF callbacks, and a bash script to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Reliable

Target: useplunk/plunk (version pinned to sha256:729961b121923477c568e3e5b4698dfb1efcd87a7dbeea60cb538ba83b2f19da)

No auth needed

Prerequisites: Docker & Docker Compose · Python 3

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Apr 09, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://github.com/useplunk/plunk/security/advisories/GHSA-xpqg-p8mp-7g44

Patch x_refsource_misc

https://github.com/useplunk/plunk/commit/b8f1ad9ab53c78f8ef063fdc125f397c8bfc7652

View Patch ZIP pw:eip

Scores

CVSS v3 9.3

EPSS 0.0010

EPSS Percentile 28.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Lab Environment

COMMUNITY

Community Lab

docker pull ghcr.io/useplunk/plunk@sha256:729961b121923477c568e3e5b4698dfb1efcd87a7dbeea60cb538ba83b2f19da

https://github.com/useplunk/plunk

https://github.com/andrebhu/CVE-2026-32096

View in Library

Details

CWE

CWE-918

Status published

Products (1)

useplunk/plunk < 0.7.0

Published Mar 11, 2026

Tracked Since Mar 12, 2026