Server-Side Request Forgery Vulnerability in Invoice Ninja by Invoice Ninja
CVE-2026-29925

7.7 HIGH

Key Information:

Vendor
CVE Published: 30 March 2026

What is CVE-2026-29925?

Invoice Ninja versions v5.12.46 and v5.12.48 contain a Server-Side Request Forgery (SSRF) vulnerability in the CheckDatabaseRequest.php file. This security flaw allows attackers to exploit the application's handling of requests, potentially leading to unauthorized access to internal resources. It is crucial for users of the affected versions to implement immediate security measures to safeguard their systems against potential exploitation.

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
