CVE-2026-32096

CRITICAL LAB

Plunk <0.7.0 - SSRF

Title source: llm

Description

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to any host accessible from the server. This vulnerability is fixed in 0.7.0.

Exploits (1)

nomisec WORKING POC

by andrebhu · poc

https://github.com/andrebhu/CVE-2026-32096

View Code ZIP pw:eip

References (2)

[Patch] https://github.com/useplunk/plunk/commit/b8f1ad9ab53c78f8ef063fdc125f397c8bfc7652

View Patch ZIP pw:eip

[Vendor Advisory] https://github.com/useplunk/plunk/security/advisories/GHSA-xpqg-p8mp-7g44

Scores

CVSS v3 9.3

EPSS 0.0008

EPSS Percentile 24.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull ghcr.io/useplunk/plunk@sha256:729961b121923477c568e3e5b4698dfb1efcd87a7dbeea60cb538ba83b2f19da

https://github.com/useplunk/plunk

https://github.com/andrebhu/CVE-2026-32096

View in Library

Details

CWE

CWE-918

Status published

Products (1)

useplunk/plunk < 0.7.0

Published Mar 11, 2026

Tracked Since Mar 12, 2026