Server-Side Request Forgery in DbGate REST/GraphQL Component
CVE-2026-6215

5.3MEDIUM

Key Information:

Vendor

DbGate

Status
Dbgate
Vendor
CVE Published:
13 April 2026

What is CVE-2026-6215?

A vulnerability has been found in DbGate versions prior to 7.1.4, particularly within the function apiServerUrl1 located in the file openApiDriver.ts. This flaw enables attackers to execute server-side request forgery (SSRF) attacks, allowing them to manipulate server requests to potentially gain unauthorized access to internal resources. The threat can be triggered remotely, making it crucial for users to implement safeguards against exploitation methods that involve this weakness. Despite early notifications to the vendor about this issue, there has been no response or patch provided.

Affected Version(s)

DbGate 7.1.0

DbGate 7.1.1

DbGate 7.1.2

References

https://vuldb.com/vuln/357134
vdb-entrytechnical-description
https://vuldb.com/vuln/357134/cti
signaturepermissions-required
https://vuldb.com/submit/785836
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ngocnn97 (VulDB User)
ngocnn97 (VulDB User)
VulDB CNA Team
.