Server-Side Request Forgery in AutoBangumi Product by EstrellaXD
CVE-2026-59101

6.9 MEDIUM

Key Information:

Vendor:
Estrellaxd
CVE Published:
2 July 2026

What is CVE-2026-59101?

AutoBangumi versions prior to 3.2.8 are vulnerable to server-side request forgery (SSRF) through an unprotected setup endpoint. An unauthenticated remote attacker can send crafted requests to POST /api/v1/setup/test-downloader and cause the server to make HTTP GET requests to internal or reserved IP addresses. The connection-error messages that the endpoint reveals can expose information, which puts the internal network at risk by letting attackers probe sensitive services.
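
A defensive check for the condition described above, as an added example that is not AutoBangumi's code or its 3.2.8 fix: it refuses downloader hosts that resolve to internal or reserved addresses and answers every failure with one fixed string, so errors reveal nothing about the destination. The function names, the allowlist parameter and the sample hostnames are assumptions made for illustration; the allowlist exists because a downloader often legitimately sits on a private address.

```python
import ipaddress
import socket

GENERIC_ERROR = "downloader connection test failed"  # identical for every failure

class TargetRejected(Exception):
    """Carries only GENERIC_ERROR, never resolver or socket error text."""

def system_resolver(host):
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def is_blocked(addr, allowed=()):
    """True for internal or reserved addresses not covered by the allowlist."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # treat ::ffff:127.0.0.1 as 127.0.0.1
    if any(ip in net for net in allowed):
        return False
    return ip.is_multicast or not ip.is_global

def vet_downloader_target(host, allowed_networks=(), resolver=system_resolver):
    """Return the vetted addresses for host, or raise TargetRejected."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    try:
        addrs = resolver(host)
        # One bad record rejects the host, so mixed DNS answers cannot slip through.
        bad = not addrs or any(is_blocked(a, allowed) for a in addrs)
    except (OSError, ValueError):
        bad = True  # resolution or parse failure: same outcome, same message
    if bad:
        raise TargetRejected(GENERIC_ERROR)
    return addrs  # connect to these addresses rather than resolving again

# Constructed sample data standing in for DNS, so the demo runs offline.
SAMPLE_DNS = {
    "downloader.example": ["93.184.216.34"],
    "metadata.example": ["169.254.169.254"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],
    "qb.lan.example": ["192.168.1.20"],
}

def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise socket.gaierror("constructed lookup failure")
    return SAMPLE_DNS[host]

def outcome(host, allowed_networks=()):
    try:
        return vet_downloader_target(host, allowed_networks, sample_resolver)
    except TargetRejected as exc:
        return str(exc)
```

A check like this complements, and does not replace, requiring authentication on the setup endpoint.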

Affected Version(s)

Auto_Bangumi 0 < 3.2.8

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

George Chen