
GB28181-pro IP Address Handler Exposes Server to Remote Attacks

CVE-2026-3966
Summary

A security flaw in GB28181-pro's IP address handler allows attackers to trick the server into making unauthorized requests to other servers (server-side request forgery). This could lead to a range of problems, including data theft or system compromise. Users should update to the latest version to protect their systems.

Original title
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/m...
Original description
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the argument MediaServer.streamIp results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 6.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-918 Server-Side Request Forgery (SSRF)
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026
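
One way to constrain a value such as MediaServer.streamIp before it is used to build an outbound request, shown as an added example that is not code from wvp-GB28181-pro. The class `StreamIpGuard`, the method `requireAllowed` and the allowlist of registered media nodes are assumptions, since the page does not show how getDownloadFilePath uses the value.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Set;
import java.util.regex.Pattern;

// Added example: hypothetical guard, not code from wvp-GB28181-pro.
public class StreamIpGuard {
    // Accept only IP literals, so validation never performs a DNS lookup.
    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    private static final Pattern IPV4 = Pattern.compile(OCTET + "(\\." + OCTET + "){3}");
    private static final Pattern IPV6 = Pattern.compile("(?=.*:)[0-9a-fA-F:]{2,39}");

    /** Returns the parsed address, or throws if streamIp must not be contacted. */
    static InetAddress requireAllowed(String streamIp, Set<InetAddress> mediaNodes) {
        if (streamIp == null
                || !(IPV4.matcher(streamIp).matches() || IPV6.matcher(streamIp).matches())) {
            throw new IllegalArgumentException("not an IP literal");
        }
        InetAddress addr;
        try {
            addr = InetAddress.getByName(streamIp); // literal input is parsed, not resolved
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("malformed address", e);
        }
        // Loopback, wildcard, link-local (includes 169.254.0.0/16) and multicast
        // are never valid media nodes. Private ranges are not blanket-rejected
        // because media nodes often sit on internal networks; the allowlist decides.
        if (addr.isAnyLocalAddress() || addr.isLoopbackAddress()
                || addr.isLinkLocalAddress() || addr.isMulticastAddress()) {
            throw new IllegalArgumentException("local or special-purpose address");
        }
        if (!mediaNodes.contains(addr)) {
            throw new IllegalArgumentException("not a registered media node");
        }
        return addr;
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample data: one registered node and several candidate values.
        Set<InetAddress> nodes = Set.of(InetAddress.getByName("10.20.0.15"));
        String[] samples = {"10.20.0.15", "10.20.0.99", "127.0.0.1", "169.254.169.254", "::ffff:7f00:1", "internal.example"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> allowed " + requireAllowed(s, nodes).getHostAddress());
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The request should then be built from the returned `InetAddress`, not from the original string, so the address that was checked is the address that is contacted.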