Platform
nodejs
Component
kan
Fixed in
0.5.6
CVE-2026-32255 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Kan, an open-source project management tool. This vulnerability allows an unauthenticated attacker to initiate HTTP requests from the Kan server to arbitrary internal or external resources. The issue impacts versions 0.5.4 and earlier, and a fix is available in version 0.5.5. Immediate action is recommended to prevent potential data exposure and unauthorized access.
The SSRF vulnerability in Kan allows attackers to bypass security controls and interact with internal systems that are not directly accessible from the outside world. An attacker could leverage this to access sensitive data stored on internal servers, such as configuration files, database credentials, or even internal APIs. Furthermore, they could potentially interact with cloud metadata endpoints to retrieve AWS IAM credentials or other cloud-specific secrets. The lack of authentication makes this vulnerability particularly concerning, as any unauthenticated user can trigger the SSRF. This could lead to significant data breaches and compromise of internal infrastructure.
CVE-2026-32255 was publicly disclosed on 2026-03-18. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept code is not yet available, but the vulnerability's ease of exploitation suggests that it could become a target for opportunistic attackers. The lack of authentication significantly increases the risk of exploitation.
Organizations using Kan for project management, particularly those with internal services or cloud resources accessible from the Kan server, are at risk. Shared hosting environments where Kan is deployed could be particularly vulnerable, as a compromised account on one instance could potentially exploit the SSRF on other instances.
• nodejs / server: Monitor access logs for requests to /api/download/attatchment with unusual or unexpected URL query parameters.
grep '/api/download/attatchment' access.log | grep -iE 'http(:|%3a)'
• generic web: Use curl to test the endpoint with a known internal IP address or cloud metadata endpoint.
curl -v 'http://<kan_server_ip>/api/download/attatchment?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/disclosure'
Exploit Status
EPSS
0.05% (17th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-32255 is to upgrade Kan to version 0.5.5 or later, which includes the necessary fix. If upgrading is not immediately feasible, a temporary workaround is to block or restrict access to the /api/download/attatchment endpoint. This can be achieved through a Web Application Firewall (WAF), proxy server, or network firewall rules. Ensure that any firewall rules are properly configured to prevent bypasses. After upgrading, confirm the fix by attempting to access the /api/download/attatchment endpoint with a known malicious URL; the request should be rejected.
Update Kan to version 0.5.5 or later. Otherwise, block or restrict access to the /api/download/attatchment endpoint on your reverse proxy (nginx, Cloudflare, etc.). This will prevent unauthenticated attackers from exploiting the SSRF vulnerability.
CVE-2026-32255 is a HIGH severity SSRF vulnerability in Kan versions 0.5.4 and below, allowing unauthenticated attackers to make HTTP requests from the server to internal resources.
You are affected if you are using Kan version 0.5.4 or earlier. Upgrade to version 0.5.5 to resolve the vulnerability.
Upgrade Kan to version 0.5.5. As a temporary workaround, block access to the /api/download/attatchment endpoint.
There is currently no evidence of active exploitation, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the Kan project's official website and GitHub repository for updates and advisories related to CVE-2026-32255.