CVE-2026-42140

Published: Mag 04, 2026 Last Modified: Mag 04, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,4

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does not validate the supplied URL. An attacker can supply an internal IP address or a malicious external URL. The XWiki server will attempt to connect to this URL to 'render' the diagram. This issue has been patched in version 2.4.1.

918

Server-Side Request Forgery (SSRF)

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

View CWE Details

https://github.com/xwiki-contrib/macro-plantuml/commit/c8b1…

https://github.com/xwiki-contrib/macro-plantuml/commit/c8b19bda93058794e04c8862…

https://github.com/xwiki-contrib/macro-plantuml/security/ad…

https://github.com/xwiki-contrib/macro-plantuml/security/advisories/GHSA-42fc-7…

https://jira.xwiki.org/browse/PLANTUML-25

CVE-2026-42140

Description

Server-Side Request Forgery (SSRF)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter