CVE-2026-3270
Published: 27 February 2026
Summary
CVE-2026-3270 is a medium-severity SSRF (CWE-918) vulnerability in PSI Probe (vendor psi-probe). Its CVSS base score is 5.3 (Medium).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 28.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-3270 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting PSI Probe versions up to 5.3.0. The issue resides in the lookup function of the Whois component, specifically in the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java.
The vulnerability enables remote exploitation by attackers with low privileges (PR:L), requiring network access (AV:N), low attack complexity (AC:L), and no user interaction (UI:N), with an unchanged scope (S:U). Successful exploitation results in low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), as reflected in its CVSS v3.1 base score of 6.3, allowing attackers to manipulate the server into making unauthorized requests.
Advisories from VulDB (ctiid.347994, id.347994, submit.758666) and a public exploit disclosure on GitHub (https://github.com/AnalogyC0de/public_exp/issues/12) detail the issue, noting that the exploit has been made publicly available and may be used. The vendor was contacted early regarding the disclosure but provided no response, and no patches or specific mitigations are referenced.
The vulnerability was published on 2026-02-27, with the public exploit disclosure highlighting potential for active use in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8942
Vulnerability details
A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE: CWE-918 (Server-Side Request Forgery)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SSRF vulnerability in public-facing PSI Probe web app directly enables initial access via exploitation of a remote, low-privilege vector (T1190).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validate the user-supplied target in the Whois.lookup function so the server cannot be tricked into issuing arbitrary outbound requests.
- AC-4 (Information Flow Enforcement): enforce an explicit information-flow policy that restricts which destinations and protocols the Whois component is allowed to contact.
- Boundary protection: egress filtering and logging at the network boundary can block or record the unauthorized outbound connections that the SSRF flaw would otherwise permit.
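The following is an added illustration of the SI-10 and AC-4 controls above, written for this page and not code from PSI Probe: a destination policy that only lets a WHOIS lookup reach an allow-listed server on port 43, rejects any resolved address inside private, loopback, link-local or IPv6 ULA space, and pins the checked address so the caller cannot be redirected by a later DNS re-resolution. The class name, method names and the two allow-listed server names are assumptions (Java 9+ for Set.of).

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical destination policy for a WHOIS client (added example, not PSI Probe code). */
public final class WhoisTargetPolicy {
    // Constructed allow-list: the only WHOIS servers this deployment is permitted to contact.
    private static final Set<String> ALLOWED_SERVERS = Set.of("whois.iana.org", "whois.verisign-grs.com");
    private static final int WHOIS_PORT = 43;
    // A WHOIS query is a bare host name or IP literal; URLs, spaces and control characters are rejected.
    private static final Pattern QUERY = Pattern.compile("[A-Za-z0-9.:-]{1,253}");

    /** Returns the single, already-checked address to connect to, or throws if the request is disallowed. */
    public static InetAddress resolveAllowedServer(String server, int port) throws UnknownHostException {
        if (port != WHOIS_PORT) throw new IllegalArgumentException("WHOIS is only permitted on port " + WHOIS_PORT);
        String host = server.trim().toLowerCase();
        if (!ALLOWED_SERVERS.contains(host)) throw new IllegalArgumentException("server not in allow-list: " + server);
        InetAddress[] addrs = InetAddress.getAllByName(host);
        // Check every address in the DNS answer: an allow-listed name that resolves into the
        // internal network would otherwise turn the lookup into a request against internal hosts.
        for (InetAddress a : addrs) {
            if (isInternal(a)) throw new IllegalArgumentException(host + " resolves to non-routable " + a.getHostAddress());
        }
        // Hand back the exact address that was checked so the caller connects to it without re-resolving.
        return addrs[0];
    }

    /** Flags loopback, link-local, RFC 1918 / site-local, unspecified, multicast and IPv6 ULA (fc00::/7). */
    static boolean isInternal(InetAddress a) {
        byte[] b = a.getAddress();
        boolean ula = b.length == 16 && (b[0] & 0xFE) == 0xFC; // fc00::/7 is not covered by isSiteLocalAddress()
        return a.isLoopbackAddress() || a.isLinkLocalAddress() || a.isSiteLocalAddress()
                || a.isAnyLocalAddress() || a.isMulticastAddress() || ula;
    }

    /** Accepts only a bare host name or IP literal as the query text sent over the WHOIS socket. */
    public static String sanitizeQuery(String query) {
        String q = query.trim();
        if (!QUERY.matcher(q).matches()) throw new IllegalArgumentException("query contains disallowed characters");
        return q;
    }
}
```

Deployments that also use shared address space (100.64.0.0/10) or IPv4-mapped IPv6 addresses should extend isInternal accordingly, and the egress rules at the network boundary should independently restrict the host to the same servers on port 43.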