CVE-2026-6215

MEDIUM

DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery

Title source: cna

Description

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (3)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/357134

[Signature, Permissions Required] https://vuldb.com/vuln/357134/cti

[Third Party Advisory] https://vuldb.com/submit/785836

Scores

CVSS v3 6.3

EPSS 0.0003

EPSS Percentile 10.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (5)

None/DbGate 7.1.0

None/DbGate 7.1.1

None/DbGate 7.1.2

None/DbGate 7.1.3

None/DbGate 7.1.4

Published Apr 13, 2026

Tracked Since Apr 14, 2026