Knowage Blind Server-Side Request Forgery Vulnerability

Vulnerability

A blind server-side request forgery (SSRF) vulnerability has been identified in Knowage versions prior to 8.1.37. This vulnerability allows attackers to send requests to arbitrary hosts and paths. Because the attacker cannot read the response, the vulnerability's impact is limited, but it could still be used to scan the internal network.

Impact

Exploitation of this vulnerability could allow an attacker to perform unauthorized network scans, potentially leading to further exploitation of internal resources.

Remediation

Users can upgrade to Knowage version 8.1.37 or later to address this vulnerability.

Added: Jan 7, 2026, 7:33 PM
Updated: Jan 7, 2026, 7:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.