Vulnerabilities

Update: CVE-2026-22772 - Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

2026-01-13 0 views admin

CVE ID : CVE-2026-22772 Published : Jan. 12, 2026, 9:15 p.m. | 1 hour, 33 minutes ago Description : Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. This vulnerability is fixed in 1.8.5. Severity: 5.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-22772

Severity

MEDIUM

Published

Jan. 12, 2026

Attack Vector: network

Impact: SSRF

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-22772medium

Update: CVE-2026-22772 - Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-9427 - Admin reflected XSS - Guide

CVE-2025-14507 - EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - unauthenticated

CVE-2025-11669 - Broken Access Control

Update: CVE-2026-0880 - Sandbox escape due to integer overflow in the Graphics component

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting