Server-Side Request Forgery in Feiyuchuixue sz-boot-parent
CVE-2026-3189

2.3LOW

Key Information:

Vendor

Feiyuchuixue

Status
Sz-boot-parent
Vendor
CVE Published:
25 February 2026

What is CVE-2026-3189?

A security vulnerability identified in the feiyuchuixue sz-boot-parent software allows for server-side request forgery through the manipulation of the 'url' argument in the file /api/admin/common/files/download. This weakness can be exploited remotely, though it requires complex techniques to execute. The recent patch in version 1.3.3-beta introduces a URL protocol whitelist validation, restricting downloads to only http and https protocols, thereby mitigating the risk of potential attacks. It is strongly recommended that users upgrade to the latest version to enhance their security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

sz-boot-parent 1.3.2-beta

sz-boot-parent 1.3.3-beta

References

https://vuldb.com/?id.347747
vdb-entrytechnical-description
https://vuldb.com/?ctiid.347747
signaturepermissions-required
https://vuldb.com/?submit.754042
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yuccun (VulDB User)
JSON
.