CVE-2026-43936

Severity CVSS v4.0:
Pending analysis
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
26/05/2026
Last modified:
26/05/2026

Description

e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4.