CVE-2026-41172 | squidex up to 7.22.x server-side request forgery (GHSA-x7cq-4f4c-8qcv)

April 23, 2026 Yanac

A vulnerability marked as critical has been reported in squidex up to 7.22.x. Impacted is an unknown function. The manipulation leads to server-side request forgery.

This vulnerability is documented as CVE-2026-41172. The attack can be initiated remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More

CVE-2026-41175 | Statamic CMS up to 5.73.19/6.12.x REST API Endpoint externally-controlled input to select classes or code (GHSA-4jjr-vmv7-wh4w)
CVE-2026-41988 | uuidjs uuid up to 13.x control flow