CVE-2026-2532
Published: 16 February 2026
Summary
CVE-2026-2532 is a medium-severity server-side request forgery (SSRF, CWE-918) vulnerability in lintsinghua DeepAudit. The base score given in this summary is 5.3 (Medium); note that the CVSS v3.1 vector quoted in the deeper analysis below scores 6.3, which is also in the Medium band.
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 15.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-2532 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting lintsinghua DeepAudit versions up to and including 3.0.3. The flaw lies in an unspecified code path of the file backend/app/api/v1/endpoints/embedding_config.py, in the component the advisory calls the IP Address Handler.
The vulnerability carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L): it is exploitable remotely over the network with low attack complexity by an authenticated attacker holding only low privileges, requires no user interaction, and does not change scope. Successful exploitation yields an SSRF primitive, rated as low impact to confidentiality, integrity and availability. Treat those ratings as generic: what a request issued by the DeepAudit backend can actually reach (internal services, neighbouring containers, a cloud instance-metadata endpoint) depends on where the backend is deployed, so the practical impact should be assessed against that network position.
Advisories recommend upgrading to DeepAudit version 3.0.4 or 3.1.0 to address the issue, with the specific patch applied in commit da853fdd8cbe9d42053b45d83f25708ba29b8b27. Additional details are documented in the project's GitHub repository, including issue #144, pull request #145, and release notes for v3.0.4.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6130
Vulnerability details
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects an unspecified part of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.0.4 or 3.1.0 addresses this issue. The patch is named da853fdd8cbe9d42053b45d83f25708ba29b8b27. It is suggested to upgrade the affected component.
- CWE(s): CWE-918 (Server-Side Request Forgery)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SSRF in a remotely accessible API endpoint (AV:N, public-facing web app component) directly maps to exploitation of public-facing applications for initial access.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of the IP/URL inputs handled by embedding_config.py, so that crafted values cannot steer the server into issuing requests to attacker-chosen destinations.
- AC-4 (Information Flow Enforcement): enforces an information-flow policy that restricts the application from initiating outbound requests to arbitrary destinations, for example an egress allow-list of the embedding services it legitimately calls.
- Boundary protection: network-level boundary-protection mechanisms (egress filtering at the host or network edge) can deny or log the unauthorized outbound connections an SSRF attack relies on, which also catches bypasses of in-application validation.
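The advisory does not say what embedding_config.py does with the IP or URL it receives beyond naming the component an IP Address Handler, so the following is an added example of the input-validation and outbound-flow checks that SI-10 and AC-4 call for in this setting. It is not DeepAudit's code or its fix. It assumes the endpoint accepts a user-supplied URL for an external embedding service and that the backend then connects to it; the function names, the block list, the sample DNS table and the URLs are constructed for the demo and the sample DNS records are not real.

```python
"""SSRF guard for a user-supplied outbound URL, such as the address of an
external embedding service. Added example for the CVE-2026-2532 mitigations
(SI-10 input validation, AC-4 flow enforcement); not DeepAudit's code, and
the request shape is an assumption."""
import ipaddress
import socket
from typing import Callable, FrozenSet, Iterable, List, Optional, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Resolver = Callable[[str], Iterable[str]]  # hostname -> A/AAAA answers
ALLOWED_SCHEMES = frozenset({"http", "https"})

# Destinations an SSRF payload typically aims at. Spelled out rather than
# relying only on ipaddress.is_private so the policy is explicit and reviewable.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",       # "this" network
    "10.0.0.0/8",      # RFC 1918
    "100.64.0.0/10",   # carrier-grade NAT (RFC 6598)
    "127.0.0.0/8",     # loopback
    "169.254.0.0/16",  # link-local, includes cloud metadata 169.254.169.254
    "172.16.0.0/12",   # RFC 1918
    "192.168.0.0/16",  # RFC 1918
    "224.0.0.0/4",     # multicast
    "240.0.0.0/4",     # reserved and broadcast
    "::1/128",         # IPv6 loopback
    "fc00::/7",        # IPv6 unique local
    "fe80::/10",       # IPv6 link-local
)]


def system_resolver(host: str) -> List[str]:
    """Default resolver: every address the OS returns for host."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def _is_blocked(ip: IPAddress) -> bool:
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def validate_outbound_url(url: str, resolver: Resolver = system_resolver,
                          allowed_hosts: Optional[FrozenSet[str]] = None) -> str:
    """Return the IP address the caller should connect to, or raise ValueError.

    Checks, in order: scheme, no credentials in the authority, hostname present,
    optional host allow-list, then *every* resolved address against the block
    list. A name with one public and one private record is rejected outright.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if allowed_hosts is not None and host.lower() not in allowed_hosts:
        raise ValueError(f"host not in allow-list: {host!r}")
    try:
        addrs: List[IPAddress] = [ipaddress.ip_address(host)]  # literal IP, no DNS
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs:
        raise ValueError(f"host does not resolve: {host!r}")
    for ip in addrs:
        if _is_blocked(ip):
            raise ValueError(f"destination {ip} is not reachable from this service")
    # Hand back the vetted address so the HTTP client connects to it directly.
    # Re-resolving the name at request time would reopen the DNS-rebinding
    # window between this check and the connect.
    return str(addrs[0])


# Constructed DNS table so the demo runs offline; these are not real records.
SAMPLE_DNS = {
    "embeddings.example.com": ["203.0.113.10"],
    "rebind.example.com": ["203.0.113.10", "10.0.0.5"],  # one public, one private
    "internal.corp": ["192.168.1.20"],
}


def sample_resolver(host: str) -> List[str]:
    return SAMPLE_DNS.get(host.lower(), [])


def check(url: str, allowed_hosts: Optional[FrozenSet[str]] = None) -> str:
    """Demo wrapper: the vetted IP on success, 'rejected: <reason>' otherwise."""
    try:
        return validate_outbound_url(url, sample_resolver, allowed_hosts)
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for candidate in (
        "https://embeddings.example.com/v1/embeddings",  # legitimate service
        "http://127.0.0.1:8000/admin",                   # loopback
        "http://[::ffff:169.254.169.254]/",              # metadata via IPv4-mapped IPv6
        "http://rebind.example.com/",                    # mixed public/private records
        "file:///etc/passwd",                            # wrong scheme
    ):
        print(f"{candidate:48} -> {check(candidate)}")
```

The in-application check is the SI-10 half; the `allowed_hosts` parameter is the AC-4 half, and in a real deployment it should be paired with egress filtering outside the process so a validation bypass in the code still cannot reach internal addresses. Returning the vetted IP rather than the hostname matters: an HTTP client that resolves the name again at connect time can be rebound to a private address after the check has passed.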