CVE-2026-5126

MEDIUM

SourceCodester RSS Feed Parser file_get_contents server-side request forgery

Title source: cna
STIX 2.1

Description

A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.

References (5)

Scores

CVSS v3 6.3
EPSS 0.0001
EPSS Percentile 3.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (1)
SourceCodester/RSS Feed Parser 1.0
Published Mar 30, 2026
Tracked Since Mar 31, 2026