CVE-2026-30242
📋 TL;DR
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Plane project management software. Attackers with workspace ADMIN privileges can create webhooks pointing to internal network addresses, allowing them to read responses from internal systems. All Plane instances running versions before 1.2.3 are affected.
💻 Affected Systems
- Plane
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full internal network reconnaissance, data exfiltration from internal services, potential lateral movement to sensitive systems, and credential theft from metadata services like AWS IMDS.
Likely Case
Internal service enumeration, data leakage from internal APIs, and potential access to cloud metadata services exposing credentials.
If Mitigated
Limited to internal network scanning if proper network segmentation and egress filtering are in place.
🎯 Exploit Status
Exploitation requires authenticated ADMIN access. The vulnerability is straightforward to exploit once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.3
Vendor Advisory: https://github.com/makeplane/plane/security/advisories/GHSA-fpx8-73gf-7x73
Restart Required: Yes
Instructions:
1. Backup your Plane instance.
2. Update to version 1.2.3 or later using your deployment method (Docker, source, etc.).
3. Restart the Plane service.
4. Verify the update completed successfully.
🔧 Temporary Workarounds
Restrict Webhook Creation
Temporarily disable webhook creation or restrict ADMIN roles until patching is complete.
Network Egress Filtering
Implement firewall rules to block outbound connections from the Plane server to internal RFC1918 addresses and metadata endpoints.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Plane server from sensitive internal networks
- Apply principle of least privilege - review and reduce ADMIN role assignments
🔍 How to Verify
Check if Vulnerable:
Check Plane version. If version is less than 1.2.3, the system is vulnerable.
Check Version:
Check Plane web interface settings or deployment configuration for version information
Verify Fix Applied:
After updating, verify version is 1.2.3 or higher and test that webhook creation to internal addresses is properly rejected.
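The rejection check this step describes, written out as an added example (not Plane's own code; the function names, the fake resolver and its answers are assumptions made for the example). It refuses literal internal IPs, IPv4-mapped IPv6 forms, and any hostname with at least one internal record, and runs offline because DNS is replaced by a constructed lookup table:

```python
"""SSRF-safe webhook target validation.

Added example for the verification step above; it is not Plane's own code.
Function names, the fake resolver and its answers are assumptions made for
the example.  It runs offline: DNS is replaced by a constructed lookup table.
"""
import ipaddress
import socket
from typing import Callable, Dict, List
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]


def resolve_hostname(host: str) -> List[str]:
    """Real resolver: every A/AAAA record for host (used outside tests)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_internal_address(ip_text: str) -> bool:
    """True for any address a webhook must never reach: RFC1918, loopback,
    link-local (this covers 169.254.169.254, the cloud metadata address),
    multicast, reserved and unspecified, for IPv4 and IPv6 alike."""
    ip = ipaddress.ip_address(ip_text)
    # ::ffff:10.0.0.5 is 10.0.0.5 in disguise; judge the embedded IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or not ip.is_global)


def validate_webhook_url(url: str, resolve: Resolver = resolve_hostname) -> str:
    """Return url if it is safe to deliver to, else raise ValueError.

    Every address the host resolves to is checked: a name with one public and
    one internal record must be rejected, not accepted on its first answer.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in webhook URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("webhook URL has no host")
    try:
        addresses = [str(ipaddress.ip_address(host))]   # literal IP, no DNS
    except ValueError:
        addresses = resolve(host)
    if not addresses:
        raise ValueError(f"hostname does not resolve: {host!r}")
    for addr in addresses:
        if is_internal_address(addr):
            raise ValueError(f"{host!r} resolves to internal address {addr}")
    return url


def is_rejected(url: str, resolve: Resolver = resolve_hostname) -> bool:
    """Convenience for a post-upgrade check: does the validator refuse url?"""
    try:
        validate_webhook_url(url, resolve)
    except ValueError:
        return True
    return False


# Constructed DNS answers so the example needs no network.  8.8.8.8 stands in
# for "some globally routable address"; the hostnames are placeholders.
FAKE_DNS: Dict[str, List[str]] = {
    "hooks.example.com": ["8.8.8.8"],
    "split.example.com": ["8.8.8.8", "10.0.0.5"],   # public + internal record
    "imds.example.com": ["169.254.169.254"],
}


def fake_resolve(host: str) -> List[str]:
    """Stand-in for resolve_hostname backed by the constructed table."""
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for candidate in ("https://hooks.example.com/plane", "http://10.0.0.5:8000/",
                      "http://[::ffff:10.0.0.5]/", "http://split.example.com/",
                      "http://imds.example.com/", "http://169.254.169.254/"):
        print(f"{candidate:40} rejected={is_rejected(candidate, fake_resolve)}")
```

When testing a patched instance, try a hostname that resolves to an internal address as well as literal IPs; a validator that only inspects the URL string passes the latter and fails the former. Validating at creation time is also not sufficient on its own: a DNS answer can change between creation and delivery, so the delivery client should repeat this check (or connect to the address it validated) each time it sends.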
📡 Detection & Monitoring
Log Indicators:
- Webhook creation events to internal IP addresses
- Outbound HTTP requests from Plane server to RFC1918 addresses
Network Indicators:
- HTTP requests from the Plane server to 10.0.0.0/8, 172.16.0.0/12 (172.16.x.x through 172.31.x.x), 192.168.0.0/16, or 169.254.169.254
SIEM Query:
source="plane" AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16 OR dest_ip=169.254.169.254)
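The log and network indicators above, applied to sample log lines, as an added example (not Plane's logging format and not a vendor rule; the key=value line layout, event names, user names and sample lines are constructed for the example). It uses the same four address ranges as the SIEM query and flags both webhook creation events whose URL points at a watched address and delivery events whose destination IP falls in one:

```python
"""Detection sweep for the log and network indicators above.

Added example, not Plane's logging format or any vendor rule: the key=value
line layout, event names and sample lines are constructed for the example.
It applies the same address ranges as the SIEM query to offline log lines.
"""
import ipaddress
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Ranges from the SIEM query: RFC1918 plus the cloud metadata address.
WATCHED_NETWORKS = [ipaddress.ip_network(cidr) for cidr in
                    ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                     "169.254.169.254/32")]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """'<ts> k=v k=v ...' -> dict; the leading token is kept as 'ts'."""
    fields = {m.group(1): m.group(2).strip('"') for m in KV_RE.finditer(line)}
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def watched_network(ip_text: Optional[str]) -> Optional[str]:
    """The watched CIDR containing ip_text, or None (also None for hostnames)."""
    if not ip_text:
        return None
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None   # hostname or junk: this sweep judges literal IPs only
    for net in WATCHED_NETWORKS:
        if ip in net:
            return str(net)
    return None


def destination_of(fields: Dict[str, str]) -> Optional[str]:
    """Address an event reaches for: explicit dest_ip, else the webhook URL's host."""
    if "dest_ip" in fields:
        return fields["dest_ip"]
    if "url" in fields:
        return urlsplit(fields["url"]).hostname
    return None


def scan(lines: List[str]) -> List[Dict[str, Optional[str]]]:
    """Return one alert per Plane event whose destination is in a watched range."""
    alerts: List[Dict[str, Optional[str]]] = []
    for line in lines:
        fields = parse_line(line)
        if fields.get("source") != "plane":
            continue
        dest = destination_of(fields)
        net = watched_network(dest)
        if net is not None:
            alerts.append({"ts": fields["ts"], "event": fields.get("event"),
                           "user": fields.get("user"), "dest": dest,
                           "network": net})
    return alerts


# Constructed sample lines: a legitimate webhook, then creation and delivery
# events aimed at internal and metadata addresses, plus one non-Plane line.
SAMPLE_LOG = [
    "2026-03-01T10:00:00Z source=plane event=webhook.create user=user1 role=ADMIN url=https://hooks.example.com/plane",
    "2026-03-01T10:05:12Z source=plane event=webhook.create user=user2 role=ADMIN url=http://10.0.0.5:8000/",
    "2026-03-01T10:05:13Z source=plane event=webhook.deliver dest_ip=10.0.0.5 dest_port=8000 status=200",
    "2026-03-01T10:06:40Z source=plane event=webhook.create user=user2 role=ADMIN url=http://169.254.169.254/",
    "2026-03-01T10:06:41Z source=plane event=webhook.deliver dest_ip=169.254.169.254 dest_port=80 status=200",
    "2026-03-01T10:07:00Z source=nginx event=request dest_ip=192.168.1.10 status=200",
    "2026-03-01T10:08:00Z source=plane event=webhook.deliver dest_ip=172.20.0.9 dest_port=443 status=500",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

A creation event whose URL carries a hostname rather than an IP is not flagged by this sweep, since the hostname's address is only known when delivery happens; that is why the delivery-side `dest_ip` indicator (or the equivalent flow data from the egress firewall) matters as much as the creation event.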