CVE-2026-32255

Published: Mar 19, 2026 Last Modified: Mar 19, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,6
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch() server-side, and returns the full response body. An unauthenticated attacker can use this to make HTTP requests from the server to internal services, cloud metadata endpoints, or private network resources. This issue has been fixed in version 0.5.5. To workaround this issue, block or restrict access to /api/download/attatchment at the reverse proxy level (nginx, Cloudflare, etc.).

918

Server-Side Request Forgery (SSRF)

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control
Potential Impacts:
Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
View CWE Details
https://github.com/kanbn/kan/commit/53397d8e81dc1494d941328…
https://github.com/kanbn/kan/commit/53397d8e81dc1494d94132848c1f0416f1152bd7
https://github.com/kanbn/kan/releases/tag/v0.5.5
https://github.com/kanbn/kan/releases/tag/v0.5.5
https://github.com/kanbn/kan/security/advisories/GHSA-qrx8-…
https://github.com/kanbn/kan/security/advisories/GHSA-qrx8-9hc6-jvqg