CVE-2026-6215
MEDIUMDbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery
Title source: cnaDescription
A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
References (3)
Core 3
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-357134 | DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery
https://vuldb.com/vuln/357134
Signature, Permissions Required signature
permissions-required
VDB-357134 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/357134/cti
Third Party Advisory third-party-advisory
Submit #785836 | DbGate DbGate Premium 7.1.4 Server-Side Request Forgery
https://vuldb.com/submit/785836
Scores
CVSS v3
6.3
EPSS
0.0019
EPSS Percentile
9.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (5)
None/DbGate
7.1.0
None/DbGate
7.1.1
None/DbGate
7.1.2
None/DbGate
7.1.3
None/DbGate
7.1.4
Published
Apr 13, 2026
Tracked Since
Apr 14, 2026