HIGH · CVE-2026-32255 · CVSS 8.6

Kan is vulnerable to unauthenticated SSRF via the attachment download endpoint

Platform

nodejs

Component

kan

Fixed in

0.5.6

AI Confidence: high · NVD · EPSS 0.1% · Reviewed: May 2026

CVE-2026-32255 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Kan, an open-source project management tool. This vulnerability allows an unauthenticated attacker to initiate HTTP requests from the Kan server to arbitrary internal or external resources. The issue impacts versions 0.5.4 and earlier, and a fix is available in version 0.5.5. Immediate action is recommended to prevent potential data exposure and unauthorized access.

Impact and Attack Scenarios

The SSRF vulnerability in Kan allows attackers to bypass security controls and interact with internal systems that are not directly accessible from the outside world. An attacker could leverage this to access sensitive data stored on internal servers, such as configuration files, database credentials, or even internal APIs. Furthermore, they could potentially interact with cloud metadata endpoints to retrieve AWS IAM credentials or other cloud-specific secrets. The lack of authentication makes this vulnerability particularly concerning, as any unauthenticated user can trigger the SSRF. This could lead to significant data breaches and compromise of internal infrastructure.

Exploitation Context

CVE-2026-32255 was publicly disclosed on 2026-03-18. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept code is not yet available, but the vulnerability's ease of exploitation suggests that it could become a target for opportunistic attackers. The lack of authentication significantly increases the risk of exploitation.

Who Is at Risk

Organizations using Kan for project management, particularly those with internal services or cloud resources accessible from the Kan server, are at risk. Shared hosting environments where Kan is deployed could be particularly vulnerable, as a compromised account on one instance could potentially exploit the SSRF on other instances.

Detection Steps

• nodejs / server: Monitor access logs for requests to /api/download/attatchment with unusual or unexpected URL query parameters.

grep '/api/download/attatchment' access.log | grep -i 'http:'

• generic web: Use curl to test the endpoint with a known internal IP address or cloud metadata endpoint.

curl -v http://<kan_server_ip>/api/download/attatchment?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/
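As an added example (not code from the advisory or from the Kan project), the log check below goes one step beyond the grep above: it decodes the `url` query parameter and classifies where it points, so percent-encoded or numeric-IP targets are not missed. The combined log format, the sample lines and the placeholder base host are assumptions.

```javascript
// Added example, not code from the advisory or the Kan project: flag access-log
// requests to the vulnerable attachment download endpoint whose `url` parameter
// targets loopback, private, link-local (cloud metadata) or internal hosts. Assumes
// Nginx/Apache "combined" log format. Unlike a plain grep for "http:", the query
// string is decoded, so percent-encoded targets (http%3A%2F%2F...) are caught too.
const ENDPOINT = '/api/download/attatchment'; // path as named in the advisory
// True when a dotted-quad IPv4 address is unspecified, loopback, private or link-local.
function isNonPublicIPv4(ip) {
  const m = ip.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}
// Classify a url parameter as 'internal', 'external' or 'invalid' (unparseable/non-HTTP).
// The WHATWG URL parser normalises hex, octal and integer IPv4 forms such as
// 0x7f000001 to dotted-quad, so those evasions land in the same IPv4 check.
function classifyTarget(raw) {
  let u;
  try { u = new URL(raw); } catch { return 'invalid'; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return 'invalid';
  const host = u.hostname.replace(/^\[|\]$/g, '').toLowerCase(); // strip IPv6 brackets
  if (host === 'localhost' || host.endsWith('.internal') || host.endsWith('.local')) return 'internal';
  if (host.includes(':')) return /^(::1$|fe80:|f[cd])/.test(host) ? 'internal' : 'external'; // IPv6
  return isNonPublicIPv4(host) ? 'internal' : 'external';
}
// Parse one combined-format log line; return a finding, or null for unrelated requests.
function inspectLine(line) {
  const m = line.match(/^(\S+) .*"(?:GET|POST) (\S+) HTTP\/[\d.]+"/);
  if (!m) return null;
  const req = new URL(m[2], 'http://kan.invalid'); // placeholder base; only the path matters
  if (req.pathname !== ENDPOINT) return null;
  const target = req.searchParams.get('url');
  if (target === null) return null;
  return { client: m[1], target, verdict: classifyTarget(target) };
}
// Keep findings whose target an outside user should never be able to make the server reach.
function scan(lines) {
  return lines.map(inspectLine).filter(f => f !== null && f.verdict !== 'external');
}
// Constructed sample log lines (not real traffic); the first and third should be flagged.
const SAMPLE_LOG = [
  '203.0.113.7 - - [18/Mar/2026:10:00:01 +0000] "GET /api/download/attatchment?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 512',
  '203.0.113.7 - - [18/Mar/2026:10:00:02 +0000] "GET /api/download/attatchment?url=https://files.example.org/report.pdf HTTP/1.1" 200 9000',
  '198.51.100.9 - - [18/Mar/2026:10:00:03 +0000] "GET /api/download/attatchment?url=http://10.0.0.5:5432/ HTTP/1.1" 502 0',
  '198.51.100.9 - - [18/Mar/2026:10:00:04 +0000] "GET /api/boards HTTP/1.1" 200 300',
];
for (const f of scan(SAMPLE_LOG)) console.log(`${f.client} -> ${f.target} [${f.verdict}]`);
```

Feed real log lines to `scan()` to get one finding per request that reached the endpoint with a non-public target; a hit from before the upgrade is worth treating as a possible credential exposure.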

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High
Reports: 4 threat reports

EPSS

0.05% (17th percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

CVSS Vector

THREAT INTELLIGENCE · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Base score: 8.6 HIGH

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (level of authentication required)
User Interaction: None (whether a victim action is required)
Scope: Changed (impact beyond the affected component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: None (risk of unauthorized data modification)
Availability: None (risk of service interruption)
nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Network: exploitable remotely over the internet. No physical or local access required.
Attack Complexity
Low: no special conditions required. Reliably exploitable.
Privileges Required
None: no authentication. No credentials are required to exploit.
User Interaction
None: automatic, silent attack. The victim does nothing.
Scope
Changed: the attack can pivot beyond the vulnerable component.
Confidentiality
High: total loss of confidentiality. The attacker can read all data.
Integrity
None: no impact on integrity.
Availability
None: no impact on availability.

Affected Software

Component: kan
Vendor: kanbn
Affected range: < 0.5.5
Fixed in: 0.5.6

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2026-32255 is to upgrade Kan to version 0.5.5 or later, which includes the necessary fix. If upgrading is not immediately feasible, a temporary workaround is to block or restrict access to the /api/download/attatchment endpoint. This can be achieved through a Web Application Firewall (WAF), proxy server, or network firewall rules. Ensure that any firewall rules are properly configured to prevent bypasses. After upgrading, confirm the fix by attempting to access the /api/download/attatchment endpoint with a known malicious URL; the request should be rejected.

How to fix

Update Kan to version 0.5.5 or later. Otherwise, block or restrict access to the /api/download/attatchment endpoint on your reverse proxy (nginx, Cloudflare, etc.). This prevents unauthenticated attackers from exploiting the SSRF vulnerability.


Frequently Asked Questions

What is CVE-2026-32255 — SSRF in Kan Project Management Tool?

CVE-2026-32255 is a HIGH severity SSRF vulnerability in Kan versions 0.5.4 and below, allowing unauthenticated attackers to make HTTP requests from the server to internal resources.

Am I affected by CVE-2026-32255 in Kan Project Management Tool?

You are affected if you are using Kan version 0.5.4 or earlier. Upgrade to version 0.5.5 to resolve the vulnerability.

How do I fix CVE-2026-32255 in Kan Project Management Tool?

Upgrade Kan to version 0.5.5. As a temporary workaround, block access to the /api/download/attatchment endpoint.

Is CVE-2026-32255 being actively exploited?

There is currently no evidence of active exploitation, but the vulnerability's ease of exploitation makes it a potential target.

Where can I find the official Kan advisory for CVE-2026-32255?

Refer to the Kan project's official website and GitHub repository for updates and advisories related to CVE-2026-32255.
