HIGH🇵🇱 Wersja polska

CVE-2026-44797

CVSS 8.5v3.1pub. 2026-05-28upd. 2026-05-29

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF). This vulnerability is fixed in 2.4.33 and 3.1.2.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
  • Networktocode Nautobot

    APP
    Networktocode
    < 2.4.333.0.0 – 3.1.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2026-44798HIGH7.1ten sam produkt

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with ...

CVE-2024-34707HIGH7.5ten sam produkt

Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges c...

CVE-2024-32979HIGH7.5ten sam produkt

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Djan...

CVE-2024-23345HIGH7.1ten sam produkt

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users o...

CVE-2023-48705HIGH7.1ten sam produkt

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of ...