CVE-2026-30242 | makeplane up to 1.2.2 URL Validation webhook.py ip.is_loopback server-side request forgery (GHSA-fpx8-73gf-7×73)

A vulnerability classified as critical was found in makeplane plane up to 1.2.2. This vulnerability affects the function ip.is_loopback of the file plane/app/serializers/webhook.py of the component URL Validation Handler. Executing a manipulation can lead to server-side request forgery.

The identification of this vulnerability is CVE-2026-30242. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More