PSA-2026-04-SRGA | CVE-2024-34351 | 2026-04-19 | 7.5 High
High-Severity SSRF in Postiz App
Impact
A successful SSRF attack allows an attacker to:
- Bypass firewalls to scan and interact with internal network services/ports.
- Access sensitive cloud metadata services (e.g., AWS IMDS 169.254.169.254) to potentially leak instance credentials.
- Pivot into the internal network environment where Postiz is hosted.
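
As an added example (not part of the advisory or of the Postiz project), the following sketch checks egress logs from the application host for two of the outcomes listed above: requests to the cloud metadata address and port sweeps of internal hosts. The log format, the host addresses and the `expected` allowlist of legitimate internal dependencies are assumptions constructed for this example.

```python
import ipaddress
import re
# Destination classes from the Impact list: cloud metadata (link-local) and internal ranges.
METADATA = ipaddress.ip_network("169.254.0.0/16")  # contains AWS IMDS 169.254.169.254
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7", "::1/128")]
# Assumed log format (constructed for this example): "<time> <src_ip> -> <dst_ip>:<port>"
LINE = re.compile(r"^(\S+) (\S+) -> \[?([0-9A-Fa-f:.]+)\]?:(\d+)$")

def classify(dst):
    """Return 'metadata', 'internal' or None for a destination IP string."""
    ip = ipaddress.ip_address(dst)
    if ip.version == 6 and ip.ipv4_mapped:  # ::ffff:a.b.c.d reaches the same IPv4 host
        ip = ip.ipv4_mapped
    if ip in METADATA:
        return "metadata"
    return "internal" if any(ip in net for net in INTERNAL) else None

def find_ssrf_indicators(lines, app_host, expected=frozenset(), sweep_ports=3):
    """Flag metadata requests and internal port sweeps made by app_host."""
    findings, ports_seen = [], {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(2) != app_host:
            continue
        ts, _, dst, port = m.groups()
        try:
            kind = classify(dst)
        except ValueError:
            continue  # not a valid IP literal; skip rather than guess
        if kind == "metadata":
            findings.append((ts, "metadata-access", dst))
        elif kind == "internal" and (dst, int(port)) not in expected:
            ports = ports_seen.setdefault(dst, set())
            new = int(port) not in ports
            ports.add(int(port))
            if new and len(ports) == sweep_ports:  # report each swept host once
                findings.append((ts, "internal-port-sweep", dst))
    return findings

# Constructed sample: 10.0.1.20 is a hypothetical Postiz host, 10.0.1.30:5432 its database.
SAMPLE_LOG = """\
2026-04-19T10:00:01Z 10.0.1.20 -> 10.0.1.30:5432
2026-04-19T10:00:02Z 10.0.1.20 -> 169.254.169.254:80
2026-04-19T10:00:03Z 10.0.1.20 -> 10.0.1.40:22
2026-04-19T10:00:03Z 10.0.1.20 -> 10.0.1.40:80
2026-04-19T10:00:04Z 10.0.1.20 -> 10.0.1.40:6379
2026-04-19T10:00:05Z 10.0.1.20 -> [::ffff:169.254.169.254]:80
""".splitlines()
```

Single connections to internal hosts are not flagged on their own because the application normally talks to its own internal dependencies; only metadata access and multi-port sweeps are reported.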
Workarounds
There are no known workarounds for this issue; upgrade to Postiz version v2.21.1.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-34351
- http://cwe.mitre.org/data/definitions/918.html
- https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g