CVE-2026-36757 | Halo 2.22.14 GET upgrade-from-uri server-side request forgery

A vulnerability marked as critical has been reported in Halo 2.22.14. Impacted is an unknown function of the file /plugins/{name}/upgrade-from-uri of the component GET Handler. This manipulation causes server-side request forgery.

This vulnerability appears as CVE-2026-36757. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More