Woahai321 ListSync allows attackers to forge requests to servers

CVE-2026-3958
Summary

A server-side request forgery (SSRF) issue in Woahai321 ListSync versions up to 0.6.6 allows a remote attacker to trick the server into performing unauthorized actions by sending it a specially crafted request. We recommend updating to the latest version of Woahai321 ListSync to fix this problem.

Original title
A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulat...
Original description
A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
NVD CVSS 2.0: 6.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-918 Server-Side Request Forgery (SSRF)
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026