CVE-2026-1884

4.7 MEDIUM

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Webhook Module of ZenTao. An authenticated user with access to the webhook feature can abuse the fetchHook function to make the ZenTao server issue HTTP requests to URLs of the attacker's choosing, including internal systems the attacker cannot reach directly. All ZenTao versions up to and including 21.7.6-85642 are affected.

💻 Affected Systems

Products:
  • ZenTao
Versions: up to 21.7.6-85642
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the webhook module enabled are vulnerable. The flaw is in the core webhook functionality, not in an optional add-on.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could pivot into the internal network, reach sensitive internal services, port-scan internal hosts, or, if an internal service reachable from the ZenTao server is itself exploitable, chain the SSRF into remote code execution.

🟠 Likely Case

Unauthorized access to internal HTTP services, exfiltration of data from internal endpoints (including cloud metadata endpoints where applicable), or reconnaissance of internal network infrastructure.

🟢 If Mitigated

With network segmentation and egress filtering in place, the impact is limited to the internal services the ZenTao server is explicitly allowed to reach.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No (an authenticated account with webhook access is required)
Complexity: LOW

Exploit details are publicly available. The attack requires an account that can create or edit webhooks, but is otherwise straightforward to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available; the vendor was contacted but did not respond. Upgrade to the latest release if one becomes available and apply the workarounds below in the meantime.

🔧 Temporary Workarounds

Disable Webhook Module (Platforms: all)

Completely disable the vulnerable webhook module to prevent exploitation.

Navigate to ZenTao admin panel > Module Management > Disable Webhook Module

Restrict Webhook Access (Platforms: all)

Limit webhook functionality to trusted users only.

Configure ZenTao permissions so that only administrators can create or modify webhooks.

🧯 If You Can't Patch

  • Implement strict network egress filtering on the ZenTao server: deny outbound connections to loopback, RFC 1918 and link-local ranges (including the 169.254.169.254 cloud metadata address) except for destinations the application genuinely needs
  • Deploy a web application firewall (WAF) with SSRF protection rules that inspect the webhook URL parameter; treat this as defence in depth only, since hostnames, alternate IP encodings and redirects can slip past pattern-based rules

🔍 How to Verify

Check if Vulnerable:

Check the ZenTao version in the admin panel or in the VERSION file. Any version up to and including 21.7.6-85642 is vulnerable; no fixed version is currently known.

Check Version:

Check /path/to/zentaopms/VERSION file or admin panel version display

Verify Fix Applied:

Using an account with webhook privileges, point a webhook at internal targets you control or are authorised to test (for example a listener on a loopback or RFC 1918 address, or the cloud metadata address if applicable). If the application refuses the URL, or egress filtering blocks the connection, the mitigation is working.
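The check above only tells you whether a request got through; the validator below shows what "blocked" should mean at the application layer. It is an added example written for this page, not ZenTao code and not a vendor fix: `validate_webhook_url` is the editor's own function, `FAKE_DNS` is a constructed stand-in for DNS so the example runs offline, and the payload list is the set of SSRF forms a tester would typically try against a webhook URL field.

```python
"""Added example: a fail-closed webhook-URL check of the kind a fix for the
fetchHook SSRF should perform, plus a harness that runs common SSRF payloads
through it. Not ZenTao code; function names, the fake resolver and the
payload list are this example's own assumptions."""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed stand-in for DNS (hostname -> address). In production you would
# call socket.getaddrinfo(), check EVERY returned address, and then connect to
# the checked address rather than the hostname, so a name that resolves to a
# public address now and a private one a moment later (DNS rebinding) cannot
# slip through.
FAKE_DNS = {
    "hooks.example.com": "8.8.8.8",       # "resolves to a public address"
    "localhost": "127.0.0.1",
    "internal-db.corp": "10.0.0.5",
}


def is_disallowed_address(ip) -> bool:
    """True for anything an SSRF would want to reach: loopback, private,
    link-local (includes 169.254.169.254 cloud metadata), unspecified,
    reserved or multicast space."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                 # ::ffff:127.0.0.1 -> 127.0.0.1
    return (not ip.is_global) or ip.is_multicast


def resolve_host(host: str, resolver):
    """IP literals (dotted, bracketed IPv6, or bare decimal) are checked
    directly; names go through the resolver. Unknown names resolve to []
    so the caller fails closed."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    if host.isdigit() and int(host) < 2 ** 32:   # http://2130706433/ == 127.0.0.1
        return [ipaddress.ip_address(int(host))]
    addr = resolver(host)
    return [ipaddress.ip_address(addr)] if addr else []


def validate_webhook_url(url: str, resolver=FAKE_DNS.get):
    """Return (allowed, reason). Only http(s) to a globally routable
    address passes; everything else, including unresolvable names, fails."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname                    # strips userinfo, port, brackets
    if not host:
        return False, "no host in URL"
    addrs = resolve_host(host, resolver)
    if not addrs:
        return False, f"cannot resolve {host!r}"
    for ip in addrs:
        if is_disallowed_address(ip):
            return False, f"{host} -> {ip} is an internal/reserved address"
    return True, f"{host} -> {addrs[0]} ok"


# Constructed payloads: one legitimate target and the usual SSRF variants.
PAYLOADS = [
    "https://hooks.example.com/ci",
    "http://127.0.0.1:8080/admin",
    "http://localhost/",
    "http://2130706433/",                        # decimal form of 127.0.0.1
    "http://[::ffff:127.0.0.1]/",                # IPv4-mapped IPv6
    "http://169.254.169.254/latest/meta-data/",  # cloud metadata endpoint
    "http://internal-db.corp:5432/",
    "http://hooks.example.com@10.0.0.5/",        # userinfo trick
    "file:///etc/passwd",
]


def run_checks(urls=PAYLOADS):
    """Map each URL to its (allowed, reason) verdict."""
    return {u: validate_webhook_url(u) for u in urls}


if __name__ == "__main__":
    for url, (ok, why) in run_checks().items():
        print("ALLOW" if ok else "BLOCK", url, "-", why)
```

Two things the function deliberately does not do on its own: it does not follow redirects (the HTTP client must re-run this check on every redirect target), and it does not pin the connection to the validated IP; both are needed in a real fix, because the attacker controls both the target server and the DNS answer for their own hostname.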

📡 Detection & Monitoring

Log Indicators:

  • Webhooks created or edited to point at loopback, RFC 1918, link-local or cloud-metadata addresses, or at hostnames that resolve to them
  • fetchHook requests from the ZenTao server to internal IP addresses
  • Bursts of failed webhook deliveries from one account (typical of scanning)

Network Indicators:

  • Outbound HTTP(S) connections from the ZenTao server to internal ranges it does not normally talk to
  • Many short connections from the ZenTao server to different ports on a single internal host (port scanning)

SIEM Query (Splunk-style; the event and dest_ip field names assume the ZenTao webhook logs have been parsed into those fields):

source="zentaopms" (event="webhook" OR event="fetchHook")
| where cidrmatch("10.0.0.0/8", dest_ip) OR cidrmatch("172.16.0.0/12", dest_ip)
    OR cidrmatch("192.168.0.0/16", dest_ip) OR cidrmatch("127.0.0.0/8", dest_ip)
    OR cidrmatch("169.254.0.0/16", dest_ip)
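The query above flags single events; the script below runs the same detection logic over a small log sample and adds the port-scan correlation from the Network Indicators list. It is an added example, not part of the page or of ZenTao: the page does not document ZenTao's webhook log format, so the `user= action= url= dest_ip= dest_port= status=` layout and the log lines themselves are constructed for illustration, and `analyse` and `is_internal` are the editor's own functions.

```python
"""Added example: SSRF detection over webhook logs. The log format below is
an assumption (ZenTao's real format is not documented on the page); the
sample lines are constructed. Rule 1 mirrors the SIEM query (internal
destination); rule 2 correlates many distinct ports from one user to one
internal host, the page's port-scanning indicator."""
import ipaddress
from collections import defaultdict

# Same ranges as the SIEM query, plus loopback, link-local and IPv6 equivalents.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def is_internal(addr: str) -> bool:
    """True if addr falls in a loopback, private or link-local range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in INTERNAL_NETS)


# Constructed sample: one legitimate user, one user sweeping ports on an
# internal host, one user hitting the cloud metadata endpoint.
LOG = """\
2026-03-01T10:15:02Z user=alice action=fetchHook url=https://hooks.example.com/ci dest_ip=203.0.113.10 dest_port=443 status=200
2026-03-01T10:20:11Z user=mallory action=fetchHook url=http://10.0.0.5:22/ dest_ip=10.0.0.5 dest_port=22 status=0
2026-03-01T10:20:12Z user=mallory action=fetchHook url=http://10.0.0.5:80/ dest_ip=10.0.0.5 dest_port=80 status=200
2026-03-01T10:20:12Z user=mallory action=fetchHook url=http://10.0.0.5:443/ dest_ip=10.0.0.5 dest_port=443 status=0
2026-03-01T10:20:13Z user=mallory action=fetchHook url=http://10.0.0.5:3306/ dest_ip=10.0.0.5 dest_port=3306 status=0
2026-03-01T10:20:14Z user=mallory action=fetchHook url=http://10.0.0.5:8080/ dest_ip=10.0.0.5 dest_port=8080 status=200
2026-03-01T10:31:40Z user=bob action=fetchHook url=http://169.254.169.254/latest/meta-data/ dest_ip=169.254.169.254 dest_port=80 status=200
2026-03-01T10:45:00Z user=alice action=fetchHook url=https://hooks.example.com/ci dest_ip=203.0.113.10 dest_port=443 status=200
"""


def parse_line(line: str) -> dict:
    """'<timestamp> k=v k=v ...' -> dict (assumed log layout)."""
    ts, *pairs = line.split()
    rec = {"ts": ts}
    for tok in pairs:
        key, _, value = tok.partition("=")
        rec[key] = value
    return rec


def analyse(log_text: str, scan_threshold: int = 4) -> list:
    """Return alerts: one 'internal-target' per fetchHook to an internal
    address, plus one 'port-scan' per (user, host) that touched at least
    scan_threshold distinct ports."""
    alerts = []
    ports_seen = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("action") != "fetchHook":
            continue
        ip = rec.get("dest_ip", "")
        if is_internal(ip):
            alerts.append({"rule": "internal-target", "ts": rec["ts"],
                           "user": rec["user"],
                           "dest": f"{ip}:{rec.get('dest_port')}",
                           "url": rec.get("url")})
            ports_seen[(rec["user"], ip)].add(rec.get("dest_port"))
    for (user, ip), ports in ports_seen.items():
        if len(ports) >= scan_threshold:
            alerts.append({"rule": "port-scan", "user": user, "dest": ip,
                           "ports": sorted(ports, key=int)})
    return alerts


if __name__ == "__main__":
    for alert in analyse(LOG):
        print(alert)
```

In a real deployment the port-scan rule should also be bounded by a time window (the sample keeps it simple by counting per log batch), and the internal-target rule needs an allowlist for any internal service the ZenTao server legitimately calls, otherwise it will fire on normal traffic.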
