{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32096", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T22:02:38.853Z", "datePublished": "2026-03-11T19:53:39.734Z", "dateUpdated": "2026-03-12T20:00:12.401Z"}, "containers": {"cna": {"title": "Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/useplunk/plunk/security/advisories/GHSA-xpqg-p8mp-7g44", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/useplunk/plunk/security/advisories/GHSA-xpqg-p8mp-7g44"}, {"name": "https://github.com/useplunk/plunk/commit/b8f1ad9ab53c78f8ef063fdc125f397c8bfc7652", "tags": ["x_refsource_MISC"], "url": "https://github.com/useplunk/plunk/commit/b8f1ad9ab53c78f8ef063fdc125f397c8bfc7652"}], "affected": [{"vendor": "useplunk", "product": "plunk", "versions": [{"version": "< 0.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T19:53:39.734Z"}, "descriptions": [{"lang": "en", "value": "Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to any host accessible from the server. This vulnerability is fixed in 0.7.0."}], "source": {"advisory": "GHSA-xpqg-p8mp-7g44", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T20:00:03.818784Z", "id": "CVE-2026-32096", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T20:00:12.401Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32096", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T20:00:03.818784Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T20:00:09.119Z"}}], "cna": {"title": "Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns", "source": {"advisory": "GHSA-xpqg-p8mp-7g44", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "useplunk", "product": "plunk", "versions": [{"status": "affected", "version": "< 0.7.0"}]}], "references": [{"url": "https://github.com/useplunk/plunk/security/advisories/GHSA-xpqg-p8mp-7g44", "name": "https://github.com/useplunk/plunk/security/advisories/GHSA-xpqg-p8mp-7g44", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/useplunk/plunk/commit/b8f1ad9ab53c78f8ef063fdc125f397c8bfc7652", "name": "https://github.com/useplunk/plunk/commit/b8f1ad9ab53c78f8ef063fdc125f397c8bfc7652", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to any host accessible from the server. This vulnerability is fixed in 0.7.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-11T19:53:39.734Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32096", "state": "PUBLISHED", "dateUpdated": "2026-03-12T20:00:12.401Z", "dateReserved": "2026-03-10T22:02:38.853Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-11T19:53:39.734Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:useplunk:plunk:*:*:*:*:*:*:*:*", "matchCriteriaId": "103B88DE-209C-4C17-A84C-D22222453E81", "versionEndExcluding": "0.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to any host accessible from the server. This vulnerability is fixed in 0.7.0."}, {"lang": "es", "value": "Plunk es una plataforma de correo electr\u00f3nico de c\u00f3digo abierto construida sobre AWS SES. Antes de la 0.7.0, exist\u00eda una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) en el gestor de webhook de SNS. Un atacante no autenticado podr\u00eda enviar una petici\u00f3n manipulada que causaba que el servidor realizara una petici\u00f3n HTTP GET saliente arbitraria a cualquier host accesible desde el servidor. Esta vulnerabilidad est\u00e1 corregida en la 0.7.0."}], "id": "CVE-2026-32096", "lastModified": "2026-03-16T17:00:18.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-11T20:16:18.090", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/useplunk/plunk/commit/b8f1ad9ab53c78f8ef063fdc125f397c8bfc7652"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/useplunk/plunk/security/advisories/GHSA-xpqg-p8mp-7g44"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.7.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "plunk", "vendor": "useplunk"}], "analysis": {"en": {"generated_at": "2026-03-17T17:08:22.188022+00:00", "value": {"mitigation_remediation": ["Upgrade Plunk to version 0.7.0 or later to fix the SSRF issue."], "summary": {"action": "Patch Immediately", "impact": "Server\u2011Side Request Forgery enabling arbitrary outbound requests"}, "threat_synthesis": {"affected_systems": "Deployment environments running any version of the open\u2011source email platform Plunk (useplunk:plunk) prior to version 0.7.0 are affected. The specific affected version range is not enumerated beyond the indication that all releases before 0.7.0 contain the flaw. Versions 0.7.0 and later incorporate the fix, as stated in the vendor advisory.", "description_and_impact": "An unauthenticated attacker can craft an AWS SNS SubscriptionConfirmation message and send it to Plunk\u2019s /webhooks/sns endpoint. The handler accepts the message without validating the target URL and initiates an outbound HTTP GET to the supplied URL. This Server\u2011Side Request Forgery (CWE\u2011918) permits the attacker to cause the Plunk server to reach any host reachable from its network, exposing internal resources, leaking data, or exhausting system resources.", "risk_and_exploitability": "The vulnerability has a CVSS score of 9.3, indicating critical severity. The EPSS score is under 1%, implying limited exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is an unauthenticated HTTP POST to the exposed /webhooks/sns endpoint; no authentication or privileged access is required. Exposed deployments can be exploited from any internet\u2011reachable location, making the risk high for publicly accessible instances."}}}}, "created": "2026-03-12T09:56:22.753526+00:00", "updated": "2026-03-20T15:37:28.008608+00:00", "vendors": ["useplunk", "useplunk$PRODUCT$plunk"]}