{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6744", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-21T12:03:58.906Z", "datePublished": "2026-04-21T18:00:17.506Z", "dateUpdated": "2026-04-21T18:00:17.506Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-21T18:00:17.506Z"}, "title": "Bagisto Downloadable Link copy server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "n/a", "product": "Bagisto", "versions": [{"version": "2.3.0", "status": "affected"}, {"version": "2.3.1", "status": "affected"}, {"version": "2.3.2", "status": "affected"}, {"version": "2.3.3", "status": "affected"}, {"version": "2.3.4", "status": "affected"}, {"version": "2.3.5", "status": "affected"}, {"version": "2.3.6", "status": "affected"}, {"version": "2.3.7", "status": "affected"}, {"version": "2.3.8", "status": "affected"}, {"version": "2.3.9", "status": "affected"}, {"version": "2.3.10", "status": "affected"}, {"version": "2.3.11", "status": "affected"}, {"version": "2.3.12", "status": "affected"}, {"version": "2.3.13", "status": "affected"}, {"version": "2.3.14", "status": "affected"}, {"version": "2.3.15", "status": "affected"}], "modules": ["Downloadable Link Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure and explains: \"We already replied on the github advisories. All the security issues are addressed through security advisory. We will fix this in our upcomming releases.\""}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"}}], "timeline": [{"time": "2026-04-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-21T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-21T14:09:08.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "hai271120 (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/358435", "name": "VDB-358435 | Bagisto Downloadable Link copy server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358435/cti", "name": "VDB-358435 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/794680", "name": "Submit #794680 | bagisto v2.3.15 Server-Side Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1pVSN3BYjI_rUE2Jms5EcIBGSMdrq6Wql/view?usp=sharing", "tags": ["exploit"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure and explains: \"We already replied on the github advisories. All the security issues are addressed through security advisory. We will fix this in our upcomming releases.\""}], "id": "CVE-2026-6744", "lastModified": "2026-04-21T19:16:18.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-21T19:16:18.727", "references": [{"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/1pVSN3BYjI_rUE2Jms5EcIBGSMdrq6Wql/view?usp=sharing"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/794680"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358435"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358435/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.3.13"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Bagisto", "source": "cna", "vendor": "n/a"}, "product": "bagisto", "vendor": "bagisto"}], "analysis": {"en": {"generated_at": "2026-04-22T07:15:42.298218+00:00", "value": {"mitigation_remediation": ["Upgrade Bagisto to a version that includes the fix for the copy\u2011handler SSRF vulnerability", "If immediate upgrade is not feasible, restrict application outbound HTTP traffic by configuring the network firewall or application gateway to allow only known safe destinations, thereby blocking unauthorized SSRF actions", "Enable logging and alerting on the copy endpoint to detect anomalous external requests or failures, and review logs periodically for evidence of exploitation"], "summary": {"action": "Patch", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "All installations of Bagisto version 2.3.15 or earlier are affected. The vendor has indicated that the issue will be addressed in forthcoming releases, but no patch version is listed in the data provided.", "description_and_impact": "A server\u2011side request forgery vulnerability exists in Bagisto versions up to 2.3.15. The flaw is triggered by manipulating the copy operation in the Downloadable Link handler, allowing an attacker to cause the application server to issue HTTP requests to arbitrary URLs. This can be exploited remotely to reach internal or external resources, potentially leaking sensitive data or facilitating further attacks. The weakness corresponds to CWE\u2011918.", "risk_and_exploitability": "The CVSS score of 5.3 places the vulnerability in the medium severity range, and the EPSS score is not available, suggesting limited publicly observed exploitation. The vulnerability is not listed in the CISA KEV package, and the attack vector is inferred to be remote, with the attacker needing only to send crafted requests to the copy endpoint to trigger the SSRF."}}}}, "created": "2026-04-22T05:00:09.214450+00:00", "updated": "2026-04-22T07:30:11.609265+00:00", "vendors": ["bagisto", "bagisto$PRODUCT$bagisto"]}