CVE-2026-36759 | Halo 2.22.14 GET upgrade-from-uri server-side request forgery

A vulnerability labeled as critical has been found in Halo 2.22.14. This issue affects some unknown processing of the file /themes/{name}/upgrade-from-uri of the component GET Handler. The manipulation results in server-side request forgery.

This vulnerability is reported as CVE-2026-36759. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More