Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Manga-Image-Translator Beta 0.3 Can Be Tricked into Doing Wrong Actions
CVE-2026-3961
Summary
A flaw in the Manga-Image-Translator's server allows an attacker to make the system perform actions it shouldn't. This can be done from anywhere on the internet. The issue has been publicly disclosed and could be used by hackers. The developer has been notified, but hasn't fixed it yet.
Original title
A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction....
Original description
A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
- https://github.com/zyddnys/manga-image-translator/
- https://github.com/zyddnys/manga-image-translator/issues/1118
- https://github.com/zyddnys/manga-image-translator/issues/1119
- https://vuldb.com/?ctiid.350390
- https://vuldb.com/?id.350390
- https://vuldb.com/?submit.768180
- https://vuldb.com/?submit.768210
- https://vuldb.com/?submit.768211
- https://vuldb.com/?submit.768212
- https://vuldb.com/?submit.768214
- https://vuldb.com/?submit.768224
- https://vuldb.com/?submit.768225
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026