Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
FFmate Server-Side Request Forgery Risk if Malicious Webhooks Sent
CVE-2026-3681
Summary
Using FFmate versions up to 2.0.15 may allow an attacker to trick the server into making unauthorized requests. This could happen if a malicious webhook is sent to the server. To protect your server, update to the latest version of FFmate as soon as possible.
Original title
A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to serve...
Original description
A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026