Cyber Resilience

CVE-2026-2532

Severity: Medium
Published: 16 February 2026
Modified: 28 February 2026
CISA KEV: not listed
Patch: available (see Deeper analysis)
CVSS v4.0 base score: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)
EPSS score: 0.0025 (15.6th percentile)
Risk Priority: 35 (floored blend, peak EPSS)

Summary

CVE-2026-2532 is a medium-severity server-side request forgery (SSRF, CWE-918) vulnerability in lintsinghua DeepAudit, affecting versions up to and including 3.0.3. Its CVSS v4.0 base score is 5.3 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 15.6th percentile by exploit likelihood, below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-2532 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting lintsinghua DeepAudit versions up to and including 3.0.3. The affected code lives in backend/app/api/v1/endpoints/embedding_config.py, in the component the advisory calls the IP Address Handler; the advisory does not identify the exact function or parameter, only that manipulation of the input handled there causes the server to issue a request to an attacker-chosen destination.

The vulnerability carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L): it is exploitable over the network with low attack complexity by an authenticated attacker holding low privileges, with no user interaction required. Successful exploitation lets the attacker make the server issue requests on their behalf, scored as low confidentiality, integrity and availability impact. As with any SSRF, the real-world impact depends on what the server can reach that the attacker cannot, such as internal services or cloud metadata endpoints behind the perimeter.

Advisories recommend upgrading to DeepAudit version 3.0.4 or 3.1.0, which carry the fix in commit da853fdd8cbe9d42053b45d83f25708ba29b8b27. Deployments built from source should confirm that commit is present in the running build rather than relying on the version string alone. Additional details are documented in the project's GitHub repository, including issue #144, pull request #145, and the release notes for v3.0.4.

Vulnerability details

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.0.4 or 3.1.0 addresses this issue. The patch is named da853fdd8cbe9d42053b45d83f25708ba29b8b27. It is suggested to upgrade the affected component.

CWE(s)

CWE-918 Server-Side Request Forgery (SSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF in a remotely reachable API endpoint (AV:N, a component of a public-facing web application) maps directly to exploitation of a public-facing application for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-13195 (shared CWE-918)
CVE-2026-5052 (shared CWE-918)
CVE-2025-58045 (shared CWE-918)
CVE-2025-69299 (shared CWE-918)
CVE-2026-42398 (shared CWE-918)
CVE-2026-7025 (shared CWE-918)
CVE-2025-2691 (shared CWE-918)
CVE-2025-21385 (shared CWE-918)
CVE-2026-6625 (shared CWE-918)
CVE-2026-30118 (shared CWE-918)

Affected Assets

lintsinghua / deepaudit, versions ≤ 3.0.3

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 Information Input Validation (prevent): directly requires validation of the IP/URL inputs handled in embedding_config.py so that crafted values cannot trigger the SSRF.

AC-4 Information Flow Enforcement (prevent): enforces an information-flow policy that restricts the application from initiating outbound requests to arbitrary destinations.

SC-7 Boundary Protection (prevent): boundary-protection mechanisms at the network edge can deny or filter the unauthorized outbound connections an SSRF attempt relies on.
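To make the SI-10 and AC-4 controls concrete, the following is an added example and not DeepAudit's code, nor the fix in commit da853fdd8cbe9d42053b45d83f25708ba29b8b27: a hypothetical validator for a user-supplied embedding-provider URL of the kind an embedding-configuration endpoint accepts, shown beside the unchecked shape that CWE-918 describes. The function names, the HTTPS-only scheme policy, the blocked address ranges, and the offline DNS table are all assumptions constructed for the illustration; the project's actual parameter names and handling are not known from the advisory.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS table so the example runs offline (hypothetical names).
# In production use socket.getaddrinfo() and connect to the *checked*
# address, not the name, so a second lookup cannot be rebound elsewhere.
FAKE_DNS = {
    "api.example-embeddings.com": ["203.0.113.10"],
    "embeddings.internal": ["10.0.0.5"],
    "rebind.example": ["203.0.113.20", "127.0.0.1"],
    "localhost": ["127.0.0.1"],
}

ALLOWED_SCHEMES = {"https"}  # assumption: providers are reached over HTTPS only

# Address space an embedding provider must never live in: unspecified,
# loopback, RFC 1918, CGNAT, link-local (which includes the 169.254.169.254
# cloud metadata endpoint), multicast and reserved, for both IP versions.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def resolve(host):
    """Return the addresses `host` maps to; an IP literal maps to itself."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host.lower(), [])


def is_blocked_address(addr):
    """True if `addr` lies in a blocked range, after unwrapping IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # [::ffff:127.0.0.1] must be judged as 127.0.0.1
    return any(ip in net for net in BLOCKED_NETS)


def validate_provider_url(url):
    """Return (host, port, pinned_ip) for an acceptable URL, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")  # user@host tricks
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        port = parts.port or 443
    except ValueError as exc:
        raise ValueError(f"bad port: {exc}") from None
    addrs = resolve(host)
    if not addrs:
        raise ValueError(f"unresolvable host: {host!r}")  # fail closed
    # Every answer must be acceptable: a single internal answer (DNS
    # rebinding, split-horizon DNS) is enough to reject the whole name.
    for addr in addrs:
        if is_blocked_address(addr):
            raise ValueError(f"{host!r} resolves to blocked address {addr}")
    return host, port, addrs[0]


def is_safe_provider_url(url):
    """Boolean wrapper around validate_provider_url for callers that prefer it."""
    try:
        validate_provider_url(url)
        return True
    except ValueError:
        return False


def fetch_models_unsafe(base_url, http_get):
    """Vulnerable shape (CWE-918): the caller-supplied URL is used verbatim."""
    return http_get(base_url.rstrip("/") + "/v1/models")


def fetch_models_safe(base_url, http_get):
    """Hardened shape: validate first, then connect to the pinned address."""
    host, port, pinned_ip = validate_provider_url(base_url)
    path = urlsplit(base_url).path.rstrip("/") + "/v1/models"
    # Connect to the address that was checked and carry the original name
    # in the Host header / SNI so certificate validation still works.
    return http_get(f"https://{pinned_ip}:{port}{path}", host_header=host)


if __name__ == "__main__":
    for candidate in ("https://api.example-embeddings.com/v1",
                      "http://api.example-embeddings.com",
                      "https://169.254.169.254/latest/meta-data",
                      "https://embeddings.internal",
                      "https://rebind.example",
                      "https://[::ffff:127.0.0.1]/",
                      "https://user@10.0.0.1"):
        print(f"{candidate:45} safe={is_safe_provider_url(candidate)}")
```

The validator is the SI-10 half of the story; the AC-4 and SC-7 half is that the worker process should also be denied egress to those same ranges at the network layer, so that a validator bug (a hostname that parses as an integer, a provider that redirects to an internal address) does not become a second SSRF. The example therefore pins the resolved address and passes it to the HTTP client rather than re-resolving the name at connect time.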
