Server-Side Request Forgery in SourceCodester RSS Feed Parser 1.0
CVE-2026-5126

5.3MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Rss Feed Parser
Vendor
CVE Published:
30 March 2026

What is CVE-2026-5126?

A vulnerability has been identified in SourceCodester RSS Feed Parser 1.0 due to improper handling of the file_get_contents function. This flaw allows for server-side request forgery, enabling potential remote attackers to send crafted requests to internal resources or services, which can lead to data exposure or further exploitation. The exploit details are accessible, highlighting the importance of addressing this security issue promptly.

Affected Version(s)

RSS Feed Parser 1.0

References

https://vuldb.com/vuln/354158
vdb-entrytechnical-description
https://vuldb.com/vuln/354158/cti
signaturepermissions-required
https://vuldb.com/submit/780180
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hemant Raj Bhati (VulDB User)
.