Cyber Resilience

CVE-2026-3750

Severity: Medium · Public PoC

Published: 08 March 2026
Modified: 10 March 2026
KEV Added: not listed
Patch: none referenced
CVSS v4.0 score: 5.1 (Medium), vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0005 (17.3rd percentile)
Risk priority: 10 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-3750 is a medium-severity server-side request forgery (SSRF, CWE-918) vulnerability in ContiNew Admin. Its CVSS base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 17.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-3750 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting ContiNew Admin versions up to 4.2.0. The flaw exists in the URI.create function of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java within the Storage Management Module.

The vulnerability enables remote exploitation by attackers who possess high privileges (PR:H), as indicated by its CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L). Successful exploitation requires network access and low attack complexity but demands elevated privileges, potentially resulting in low-level impacts to confidentiality, integrity, and availability without changing the scope.

Advisories referenced on VulDB and a Notion page detail the public disclosure of the exploit, noting it may be actively used. The vendor was notified early regarding the issue but provided no response, and no patches or specific mitigations are mentioned in the available disclosures.

Vulnerability details

A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s): CWE-918 Server-Side Request Forgery (SSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery (Discovery): Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF in network-accessible admin storage module (S3ClientFactory) enables remote app exploitation (T1190) and internal service/port probing via forged requests (T1046).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13924 (shared CWE-918)
CVE-2026-42860 (shared CWE-918)
CVE-2025-25785 (shared CWE-918)
CVE-2024-53705 (shared CWE-918)
CVE-2026-5418 (shared CWE-918)
CVE-2026-45082 (shared CWE-918)
CVE-2026-7065 (shared CWE-918)
CVE-2025-55150 (shared CWE-918)
CVE-2025-28091 (shared CWE-918)
CVE-2025-1849 (shared CWE-918)

Affected Assets

Vendor: continew
Product: continew admin
Versions: ≤ 4.1.0

Mitigating Controls (NIST 800-53 r5, AI-mapped)

prevent · SI-10 (Information Input Validation): Directly enforces validation of untrusted URI input to the vulnerable URI.create call, blocking crafted requests that trigger SSRF.

prevent · AC-4 (Information Flow Enforcement): Enforces information-flow rules that restrict which destinations the Storage Management module may contact, preventing SSRF-driven outbound requests.

prevent: Boundary-protection mechanisms can apply egress filtering or allow-listing to block the unauthorized network requests enabled by the SSRF flaw.
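As an added illustration of the input-validation and destination allow-listing controls above (example code, not code from the ContiNew Admin project), a hypothetical `S3EndpointValidator` that checks an administrator-supplied storage endpoint before it is handed to the S3 client; the class and method names, the allow-listed hosts and the permitted scheme and port are all assumptions.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

/** Hypothetical validator: accept only storage endpoints on an operator-maintained allow-list (SI-10 / AC-4). */
public final class S3EndpointValidator {

    // Constructed allow-list; in a real deployment this would come from configuration, not from the admin UI.
    private static final Set<String> ALLOWED_HOSTS = Set.of("s3.storage.example.com", "minio.storage.example.com");
    private static final Set<String> ALLOWED_SCHEMES = Set.of("https");
    private static final int ALLOWED_PORT = 443;

    private S3EndpointValidator() {}

    /** Returns a validated endpoint URI or throws; raw admin input is never passed straight to URI.create. */
    public static URI validate(String rawEndpoint) {
        final URI uri;
        try {
            uri = new URI(rawEndpoint);            // strict parse: malformed input is rejected, not guessed at
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("endpoint is not a well-formed URI", e);
        }
        String scheme = uri.getScheme() == null ? "" : uri.getScheme().toLowerCase(Locale.ROOT);
        if (!ALLOWED_SCHEMES.contains(scheme)) {
            throw new IllegalArgumentException("endpoint scheme not permitted: " + scheme);
        }
        if (uri.getUserInfo() != null) {           // reject user-info so the authority cannot be disguised
            throw new IllegalArgumentException("endpoint must not carry user info");
        }
        String host = uri.getHost() == null ? "" : uri.getHost().toLowerCase(Locale.ROOT);
        if (!ALLOWED_HOSTS.contains(host)) {
            throw new IllegalArgumentException("endpoint host not on allow-list: " + host);
        }
        if (uri.getPort() != -1 && uri.getPort() != ALLOWED_PORT) {
            throw new IllegalArgumentException("endpoint port not permitted: " + uri.getPort());
        }
        // Defence in depth: an allow-listed name must still not resolve to loopback, link-local or wildcard addresses.
        try {
            for (InetAddress addr : InetAddress.getAllByName(host)) {
                if (addr.isLoopbackAddress() || addr.isLinkLocalAddress() || addr.isAnyLocalAddress()) {
                    throw new IllegalArgumentException("endpoint resolves to a non-routable address");
                }
            }
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("endpoint host does not resolve", e);
        }
        return uri;
    }
}
```

The DNS check is an assumed extra layer; the primary control is the exact-match host allow-list, which is what the AC-4 mapping above describes.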
