What the vulnerability does
01Description
Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities.
CVSS base score
4.1/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
Key dates
02Disclosure timeline
December 18, 2024
CVE published
February 20, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-15414 go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
CVE-2026-4231 vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery
CVE-2017-0906
CVE-2026-35527 Incus blind SSRF via image import preflight HEAD request
