CVE-2026-3750
MEDIUMContiNew Admin <4.2.0 - SSRF
Title source: llmDescription
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Scores
CVSS v3
4.7
EPSS
0.0005
EPSS Percentile
16.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-918
Status
published
Products (1)
continew/continew_admin
< 4.1.0
Published
Mar 08, 2026
Tracked Since
Mar 09, 2026