Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.1
PSI Probe vulnerable to Server-Side Request Forgery
CVE-2026-3270
GHSA-429m-9874-rx9w
Summary
A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has ...
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github | com.github.psi-probe:psi-probe-core | <= 5.3.0 | – |
| psi-probe | psi_probe | <= 5.3.0 | – |
Original title
PSI Probe vulnerable to Server-Side Request Forgery
Original description
A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
8.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
- https://github.com/AnalogyC0de/public_exp/issues/12 Exploit Third Party Advisory
- https://vuldb.com/?ctiid.347994 Permissions Required VDB Entry
- https://vuldb.com/?id.347994 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.758666 Third Party Advisory VDB Entry
- https://nvd.nist.gov/vuln/detail/CVE-2026-3270
- https://github.com/advisories/GHSA-429m-9874-rx9w
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026