CVE-2026-0532 - External Control of File Name or Path and Server-Side Request Forgery (SSRF) in K

CVE ID : CVE-2026-0532 Published : Jan. 14, 2026, 11:15 a.m. | 21 minutes ago Description : External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Telegram CVE Monitor