Cyber Resilience

CVE-2026-3270

Medium · Public PoC

Published: 27 February 2026
Modified: 03 March 2026
KEV Added: not listed
Patch: none referenced
CVSS v4.0: 5.3 (Medium) CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
EPSS: 0.0036 (28.0th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-3270 is a medium-severity server-side request forgery (SSRF, CWE-918) vulnerability in psi-probe's PSI Probe, a Tomcat management and monitoring web application. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks the CVE at the 28.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-3270 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting PSI Probe versions up to and including 5.3.0. The issue resides in the lookup function of the Whois component, specifically in the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java: the WHOIS target supplied to that function is used to open an outbound connection without sufficient validation.

The vulnerability is remotely exploitable over the network (AV:N) by an attacker holding low privileges on the application (PR:L), with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation has low impact on confidentiality, integrity and availability of the vulnerable system (VC:L/VI:L/VA:L) and none on subsequent systems (SC:N/SI:N/SA:N), which gives the CVSS v4.0 score of 5.3 reported above; the same metrics expressed in CVSS v3.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) score 6.3, also Medium. In practice the attacker coerces the PSI Probe server into opening outbound connections to destinations of the attacker's choosing, which is the classic SSRF pivot toward internal hosts that the attacker cannot reach directly.

Advisories from VulDB (ctiid.347994, id.347994, submit.758666) and a public exploit disclosure on GitHub (https://github.com/AnalogyC0de/public_exp/issues/12) detail the issue, noting that the exploit has been made publicly available and may be used. The vendor was contacted early regarding the disclosure but provided no response, and no patches or specific mitigations are referenced.

The vulnerability was published on 2026-02-27. The public proof-of-concept means exploitation is cheap for anyone who already has a low-privileged PSI Probe account, but the low EPSS percentile and the absence of a KEV listing mean there is no evidence on this page of exploitation in the wild; treat the PoC as a reason to restrict who can reach the Whois feature, not as proof of active attacks.

Vulnerability details

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

CWE-918 Server-Side Request Forgery (SSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF vulnerability in public-facing PSI Probe web app directly enables initial access via exploitation of a remote, low-privilege vector (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-13195 (shared CWE-918)
CVE-2026-5052 (shared CWE-918)
CVE-2025-58045 (shared CWE-918)
CVE-2025-69299 (shared CWE-918)
CVE-2026-42398 (shared CWE-918)
CVE-2026-7025 (shared CWE-918)
CVE-2025-2691 (shared CWE-918)
CVE-2025-21385 (shared CWE-918)
CVE-2026-6625 (shared CWE-918)
CVE-2026-30118 (shared CWE-918)

Affected Assets

psi-probe PSI Probe ≤ 5.3.0

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-10 Information Input Validation (prevent)

Validates the user-supplied target in the Whois.lookup function so the server cannot be tricked into issuing arbitrary outbound requests.

AC-4 Information Flow Enforcement (prevent)

Enforces an explicit information-flow policy that restricts which destinations and protocols the Whois component is allowed to contact.

SC-7 Boundary Protection (prevent, detect)

Boundary-protection mechanisms can filter or log the unauthorized outbound connections that the SSRF flaw would otherwise permit.
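The following Java class is an added example that illustrates the SI-10 and AC-4 controls above and the lookup-function weakness described under Deeper analysis. It is not psi-probe's code: the real psiprobe.tools.Whois.lookup signature and the controller that calls it are not reproduced, and the class name SafeWhoisLookup, the ALLOWED_SERVERS map and the inputs in main are assumptions chosen for illustration. The pattern it shows is a fixed destination allowlist, a character-restricted query, rejection of targets that resolve to internal address ranges, and bounded timeouts and response size.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Map;

/**
 * Hypothetical SSRF-resistant WHOIS client (added example, not psi-probe code).
 * Only the validation that the SI-10 / AC-4 controls describe is shown here.
 */
public final class SafeWhoisLookup {

    // AC-4: the only destinations this component may contact, with their ports.
    // Assumption for illustration; a deployment would pin its own servers.
    private static final Map<String, Integer> ALLOWED_SERVERS = Map.of(
            "whois.iana.org", 43,
            "whois.arin.net", 43);

    private static final int CONNECT_TIMEOUT_MS = 3_000;
    private static final int READ_TIMEOUT_MS = 5_000;
    private static final int MAX_RESPONSE_CHARS = 64 * 1024;
    private static final int MAX_QUERY_LENGTH = 253;

    private SafeWhoisLookup() {
    }

    /** SI-10: the server must be one of the allowlisted names, nothing else. */
    static String validateServer(String server) {
        if (server == null) {
            throw new IllegalArgumentException("server is required");
        }
        String host = server.trim().toLowerCase(Locale.ROOT);
        if (!ALLOWED_SERVERS.containsKey(host)) {
            throw new IllegalArgumentException("WHOIS server not allowlisted: " + server);
        }
        return host;
    }

    /** SI-10: the query may contain only hostname / IP characters (no CR, LF or spaces). */
    static String validateQuery(String query) {
        if (query == null || query.isEmpty() || query.length() > MAX_QUERY_LENGTH) {
            throw new IllegalArgumentException("query length out of range");
        }
        for (int i = 0; i < query.length(); i++) {
            char c = query.charAt(i);
            boolean ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '.' || c == '-' || c == ':';
            if (!ok) {
                throw new IllegalArgumentException("illegal character in query at index " + i);
            }
        }
        return query;
    }

    /** Defence in depth: refuse an allowlisted name that resolves into the local network. */
    static void rejectInternalAddress(InetAddress addr) {
        if (addr.isLoopbackAddress() || addr.isSiteLocalAddress() || addr.isLinkLocalAddress()
                || addr.isAnyLocalAddress() || addr.isMulticastAddress()) {
            throw new IllegalArgumentException("resolved address is internal: " + addr.getHostAddress());
        }
    }

    /** Opens the socket only after every check above has passed. */
    public static String lookup(String server, String query) throws IOException {
        String host = validateServer(server);
        String q = validateQuery(query);
        int port = ALLOWED_SERVERS.get(host);
        // Resolve once and dial that address, so the address that was checked is the
        // address that is connected to (no second resolution for DNS rebinding to race).
        InetAddress addr = InetAddress.getByName(host);
        rejectInternalAddress(addr);
        StringBuilder response = new StringBuilder();
        try (Socket sock = new Socket()) {
            sock.connect(new InetSocketAddress(addr, port), CONNECT_TIMEOUT_MS);
            sock.setSoTimeout(READ_TIMEOUT_MS);
            OutputStream out = sock.getOutputStream();
            out.write((q + "\r\n").getBytes(StandardCharsets.US_ASCII));
            out.flush();
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(sock.getInputStream(), StandardCharsets.ISO_8859_1));
            char[] buf = new char[4096];
            int n;
            // Bound the response so a hostile server cannot exhaust memory.
            while (response.length() < MAX_RESPONSE_CHARS && (n = in.read(buf)) != -1) {
                response.append(buf, 0, Math.min(n, MAX_RESPONSE_CHARS - response.length()));
            }
        }
        return response.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: the first is accepted, the rest are refused before any socket
        // is opened. No network traffic is generated unless a query is given on the command line.
        System.out.println("accepted: " + validateServer("WHOIS.IANA.ORG"));
        for (String bad : new String[] {"127.0.0.1", "169.254.169.254", "whois.internal.corp"}) {
            try {
                validateServer(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("refused:  " + e.getMessage());
            }
        }
        try {
            validateQuery("example.com\r\nHELP"); // CRLF would smuggle a second WHOIS command
        } catch (IllegalArgumentException e) {
            System.out.println("refused:  " + e.getMessage());
        }
        if (args.length > 0) {
            System.out.println(lookup("whois.iana.org", args[0]));
        }
    }
}
```

The allowlist is checked before any DNS resolution, so an attacker cannot steer the component to 127.0.0.1, a cloud metadata address such as 169.254.169.254, or an internal hostname at all; the rejectInternalAddress check only matters if an allowlisted name is later pointed at an internal address. The query validation closes the related hole of CR/LF injection into the WHOIS request line. The SC-7 control complements this at the network layer: an egress rule that only permits the application host to reach the allowlisted WHOIS servers on port 43, with denied attempts logged, catches the same SSRF even if the application-level fix is missing.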
