Server-Side Request Forgery in Xibo Digital Signage Platform
CVE-2026-42141

7.7 HIGH

Key Information:

CVE Published: 12 May 2026

What is CVE-2026-42141?

The content management system of the Xibo digital signage platform has a vulnerability that allows users with upload permissions to make the server send unauthorized HTTP requests. This server-side request forgery (SSRF) can be used to scan internal networks and access sensitive endpoints, potentially leading to data exposure and interaction with unsecured internal services. The flaw is addressed in version 4.4.1, which underlines the importance of timely updates.

Affected Version(s)

xibo-cms < 4.4.1

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
