CVE-2026-21859: Go Ssrf Query Parameter
A query parameter or form value is fetched and used directly to construct an HTTP request. This sequence enables Server-Side Request Forgery (SSRF), letting attackers interact with internal network boundaries. The URL must be strictly verified against an internal allowlist beforehand.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
Goβ
Goβgreprules fetch cve-2026-21859-go-ssrf-query-parameter --engine opengrepDescription
A query parameter or form value is fetched and used directly to construct an HTTP request. This sequence enables Server-Side Request Forgery (SSRF), letting attackers interact with internal network boundaries. The URL must be strictly verified against an internal allowlist beforehand.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0