{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4528", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-21T07:36:25.895Z", "datePublished": "2026-03-21T22:02:11.155Z", "dateUpdated": "2026-03-23T16:25:13.688Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-21T22:02:11.155Z"}, "title": "trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "trueleaf", "product": "ApiFlow", "versions": [{"version": "0.9.7", "status": "affected"}], "modules": ["URL Validation Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-21T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-21T08:41:30.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "din4 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.352316", "name": "VDB-352316 | trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352316", "name": "VDB-352316 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.784197", "name": "Submit #784197 | trueleaf apiflow \u22640.9.7 Server-Side Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://www.notion.so/Server-Side-Request-Forgery-SSRF-in-ApiFlow-329ea92a3c4180489df2fa2702078fe5", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:24:55.302533Z", "id": "CVE-2026-4528", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:25:13.688Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4528", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:24:55.302533Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:25:01.171Z"}}], "cna": {"title": "trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "din4 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "trueleaf", "modules": ["URL Validation Handler"], "product": "ApiFlow", "versions": [{"status": "affected", "version": "0.9.7"}]}], "timeline": [{"lang": "en", "time": "2026-03-21T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-21T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-21T08:41:30.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.352316", "name": "VDB-352316 | trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352316", "name": "VDB-352316 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.784197", "name": "Submit #784197 | trueleaf apiflow \u22640.9.7 Server-Side Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://www.notion.so/Server-Side-Request-Forgery-SSRF-in-ApiFlow-329ea92a3c4180489df2fa2702078fe5", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-21T22:02:11.155Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4528", "state": "PUBLISHED", "dateUpdated": "2026-03-23T16:25:13.688Z", "dateReserved": "2026-03-21T07:36:25.895Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-21T22:02:11.155Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."}, {"lang": "es", "value": "Se determin\u00f3 una vulnerabilidad en trueleaf ApiFlow 0.9.7. El elemento afectado es la funci\u00f3n validateUrlSecurity del archivo packages/server/src/service/proxy/http_proxy.service.ts del componente Gestor de Validaci\u00f3n de URL. Esta manipulaci\u00f3n causa falsificaci\u00f3n de petici\u00f3n del lado del servidor. La explotaci\u00f3n remota del ataque es posible. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado."}], "id": "CVE-2026-4528", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-21T22:16:20.137", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.352316"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.352316"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.784197"}, {"source": "cna@vuldb.com", "url": "https://www.notion.so/Server-Side-Request-Forgery-SSRF-in-ApiFlow-329ea92a3c4180489df2fa2702078fe5"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.9.7"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "ApiFlow", "source": "cna", "vendor": "trueleaf"}, "product": "apiflow", "vendor": "trueleaf"}], "analysis": {"en": {"generated_at": "2026-03-21T23:50:24.908094+00:00", "value": {"mitigation_remediation": ["Apply any available vendor patch or upgrade to a later release of trueleaf ApiFlow that addresses the SSRF flaw.", "If an update is not immediately feasible, configure the proxy service to restrict outbound destinations to a whitelisted set of hosts or block internal network ranges.", "Enable detailed logging of outbound requests from the proxy and monitor for unexpected or suspicious traffic patterns."], "summary": {"action": "Immediate Patch", "impact": "Server Side Request Forgery"}, "threat_synthesis": {"affected_systems": "trueleaf ApiFlow version 0.9.7 is affected. No other releases are listed as impacted.", "description_and_impact": "The vulnerability exists in the validateUrlSecurity function of trueleaf ApiFlow's proxy service. It permits an attacker to override URL validation, leading to a server\u2011side request forgery that can reach arbitrary internal or external targets. This can result in sensitive data exposure, service discovery, or serve as a foothold for lateral movement.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity level. Public information confirms that exploitation is possible from remote attackers. EPSS data is unavailable, and the issue is not listed in the known exploited vulnerability catalog. The attack is likely to occur via crafted API requests to the proxy endpoint, making remote exploitation straightforward."}}}}, "created": "2026-03-23T09:48:57.212522+00:00", "updated": "2026-03-25T14:46:59.483869+00:00", "vendors": ["trueleaf", "trueleaf$PRODUCT$apiflow"]}