HotGo Image Upload May Allow Attackers to Forge Server Requests
CVE-2026-3683
Summary
A server-side request forgery weakness in HotGo's image upload feature could allow attackers to trick the server into making unauthorized requests. An attacker could potentially use this to do things they should not be able to do on your server, such as accessing sensitive information or making changes. Update HotGo to the latest version to fix this issue.
Original title
A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The man...
Original description
A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026