CVE-2026-33126

Published: Mar 20, 2026 Last Modified: Mar 20, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,0

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: changed

Confidentiality: none

Integrity: low

Availability: none

Description

AI Translation Available

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery (SSRF) attacks. An attacker can use the Frigate server to make HTTP requests to internal network resources, cloud metadata services, or perform port scanning. This issue has been patched in version 0.16.3.

918

Server-Side Request Forgery (SSRF)

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

View CWE Details

https://github.com/blakeblackshear/frigate/releases/tag/v0.…

https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3

https://github.com/blakeblackshear/frigate/security/advisor…

https://github.com/blakeblackshear/frigate/security/advisories/GHSA-j6g3-3j3q-c…

CVE-2026-33126

Description

Server-Side Request Forgery (SSRF)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter