Server-Side Request Forgery in AutoBangumi Product by EstrellaXD
CVE-2026-59101
6.9 MEDIUM
What is CVE-2026-59101?
AutoBangumi versions prior to 3.2.8 are susceptible to a server-side request forgery (SSRF) vulnerability in an unprotected setup endpoint. An unauthenticated remote attacker can send crafted requests to the POST /api/v1/setup/test-downloader endpoint and direct the server to make HTTP GET requests to internal or reserved IP addresses. The revealed connection-error messages can expose information, which lets attackers probe sensitive services and puts the internal network's security at risk.
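One way to gate the destination of a setup-style connection test and flatten its error text, shown as an added example that is not AutoBangumi's code or its 3.2.8 fix. The function names, the `url` input and the `allowed_hosts` allowlist are assumptions, and the sample targets are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Same client-facing text for every failure, so the response does not
# distinguish "refused", "timed out" and "blocked" for the caller.
GENERIC_ERROR = "downloader connection test failed"

def resolve(host, port):
    """Default resolver: every address the OS returns for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def is_internal(addr):
    """True for loopback, private, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
    return not ip.is_global

def check_target(url, allowed_hosts=frozenset(), resolver=resolve):
    """Return (allowed, client_message) for a downloader test target.

    allowed_hosts is a hypothetical operator-set allowlist for a downloader
    that legitimately lives on an internal address.
    """
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        host, port = parts.hostname, parts.port
        if parts.scheme not in ("http", "https") or not host:
            return False, GENERIC_ERROR
        if host in allowed_hosts:
            return True, "ok"
        addrs = resolver(host, port or (443 if parts.scheme == "https" else 80))
        # One internal answer is enough to refuse: a name can map to several.
        if not addrs or any(is_internal(a) for a in addrs):
            return False, GENERIC_ERROR
    except (OSError, ValueError):  # bad URL, bad port, resolution failure
        return False, GENERIC_ERROR
    return True, "ok"
```

The HTTP client should then connect to the address that was checked rather than resolving the name again, otherwise a DNS answer that changes between check and request bypasses the gate. The detailed failure reason belongs in the server log only.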
Affected Version(s)
Auto_Bangumi 0 < 3.2.8
