CVE-2026-42860 | openedx edx-enterprise up to 7.0.4 fetch_metadata_xml server-side request forgery (GHSA-64cv-vxpr-j6vc)

A vulnerability identified as critical has been detected in openedx edx-enterprise up to 7.0.4. The impacted element is the function fetch_metadata_xml. Performing a manipulation results in server-side request forgery.

This vulnerability is identified as CVE-2026-42860. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More