CVE-2026-2532 · CRITICAL 9.8 · EPSS p15.6%

Description

A server-side request forgery (SSRF) vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. It affects unspecified processing in the file backend/app/api/v1/endpoints/embedding_config.py of the IP Address Handler component. The attack can be initiated remotely. Versions 3.0.4 and 3.1.0 address this issue. The patch is identified as da853fdd8cbe9d42053b45d83f25708ba29b8b27. Upgrading the affected component is recommended.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.25% probability of exploitation · percentile 15.6% · 2026-06-19T12:03:05Z
Published: 2026-02-16
Last modified: 2026-02-28

Underlying weaknesses · 1

CWE-918

References

  1. https://github.com/lintsinghua/DeepAudit/
  2. https://github.com/lintsinghua/DeepAudit/commit/da853fdd8cbe9d42053b45d83f25708ba29b8b27
  3. https://github.com/lintsinghua/DeepAudit/issues/144
  4. https://github.com/lintsinghua/DeepAudit/pull/145
  5. https://github.com/lintsinghua/DeepAudit/releases/tag/v3.0.4
  6. https://vuldb.com/?ctiid.346120
  7. https://vuldb.com/?id.346120
  8. https://vuldb.com/?submit.748220

Type | Target | Confidence | Tier
Weakness | Server-Side Request Forgery (SSRF), cwe-918 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-2828
  2. CVE-2026-1062
  3. CVE-2026-9813
  4. CVE-2026-10281
  5. CVE-2025-8228
  6. CVE-2026-8836

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.