CVE-2026-36764

SpringBlade 4.8.0 - SSRF

Title source: llm

Description

A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request.

References (2)

Core 2

Core References

https://github.com/chillzhuang/SpringBlade

View Writeup ZIP pw:eip

https://github.com/chillzhuang/SpringBlade/issues/36

Scores

EPSS 0.0003

EPSS Percentile 7.0%

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

Status published

Published Apr 30, 2026

Tracked Since Apr 30, 2026