Product

Typecho (<= 1.3.0)

1 brief RSS

Typecho <= 1.3.0 Server-Side Request Forgery Vulnerability (CVE-2026-7025)

A server-side request forgery (SSRF) vulnerability exists in Typecho up to version 1.3.0, allowing remote attackers to manipulate the X-Pingback/link argument in the Service::sendPingHandle function to potentially make arbitrary HTTP requests.

Typecho ssrf cve-2026-7025

2r 1t 1c 1w ago