Server-Side Request Forgery in SpringBlade by Chillzhuang
CVE-2026-36764

5 MEDIUM

Key Information:

Vendor
CVE Published: 30 April 2026

What is CVE-2026-36764?

SpringBlade version 4.8.0 contains a Server-Side Request Forgery (SSRF) vulnerability in the /ureport/datasource/testConnection endpoint. An authenticated attacker can send a crafted GET request that causes the server to access and scan internal resources, potentially exposing sensitive data or system configurations.

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
