CVE-2026-40168
Published: 10 April 2026
Summary
CVE-2026-40168 is a high-severity SSRF (CWE-918) vulnerability in Gitroom Postiz. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its exploit-likelihood percentile is 17.3 (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 mandates validation of information inputs such as URLs, directly addressing the failure to re-validate destinations after HTTP redirects in the SSRF vulnerability.
AC-4 enforces information flow control policies that prevent unauthorized access to internal resources by blocking flows initiated via SSRF redirects.
SC-7 provides boundary protection to monitor and control outbound communications from the application, blocking SSRF requests to internal hosts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An SSRF in the public-facing /api/public/stream endpoint enables remote, unauthenticated exploitation of the web application to reach internal resources.
NVD Description
Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. As a result, an attacker can supply a public HTTPS URL that passes validation and then redirects the server-side request to an internal resource.
Deeper analysis
CVE-2026-40168 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting Postiz, an AI social media scheduling tool, in versions prior to 2.21.5. The issue exists in the /api/public/stream endpoint, where the application validates the initially supplied URL to block direct requests to private or internal hosts but does not re-validate the final destination following HTTP redirects. This flaw enables attackers to provide a public HTTPS URL that passes initial validation and subsequently redirects the server-side request to an internal resource. The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L), indicating high severity due to significant confidentiality risks.
Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no user interaction required. By submitting a specially crafted request to the /api/public/stream endpoint containing a public HTTPS URL that redirects to an internal host, attackers can compel the Postiz server to fetch internal resources. Successful exploitation primarily yields high confidentiality impact by exposing sensitive internal data, with a lesser availability impact potentially from resource exhaustion.
Mitigation is available via an upgrade to Postiz version 2.21.5, which includes the fix implemented in commit 30e8b777098157362769226d1b46d83ad616cb06. Additional details on the patch and remediation steps are provided in the GitHub Security Advisory GHSA-34w8-5j2v-h6ww and the corresponding release notes.
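The validate-once-then-follow-redirects pattern described above, beside a version that re-validates every hop, as an added illustration; this is not Postiz code and not the referenced fix. The private-host block-list, the injectable fetchOnce function and the constructed redirect chain are assumptions so the example runs offline.

```javascript
// Hosts a server-side fetch must never reach (assumed policy for this example).
// The WHATWG URL parser normalizes forms such as 2130706433 or 0x7f000001 to
// 127.0.0.1, so always check the parsed hostname, never the raw string.
function isBlockedHost(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, "");
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  const v4 = h.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (v4) {
    const a = Number(v4[1]), b = Number(v4[2]);
    return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
  }
  if (h.includes(":")) return h === "::1" || h === "::" || /^f[cd]/.test(h) || /^fe[89ab]/.test(h);
  return false; // production code should also resolve DNS and check the resolved address
}

function validateUrl(raw) {
  const u = new URL(raw);
  if (u.protocol !== "https:" && u.protocol !== "http:") throw new Error("scheme not allowed: " + u.protocol);
  if (isBlockedHost(u.hostname)) throw new Error("blocked host: " + u.hostname);
  return u;
}

// Vulnerable pattern: the initial URL is checked, then redirects are followed blindly.
function fetchValidateOnce(raw, fetchOnce, maxHops = 5) {
  let u = validateUrl(raw);
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = fetchOnce(u.href);
    if (res.status < 300 || res.status > 399 || !res.location) return { finalUrl: u.href, body: res.body };
    u = new URL(res.location, u); // redirect target is never re-validated
  }
  throw new Error("too many redirects");
}

// Hardened pattern: every redirect target is validated before it is requested.
function fetchValidateEachHop(raw, fetchOnce, maxHops = 5) {
  let u = validateUrl(raw);
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = fetchOnce(u.href);
    if (res.status < 300 || res.status > 399 || !res.location) return { finalUrl: u.href, body: res.body };
    u = validateUrl(new URL(res.location, u).href); // throws when a hop points at an internal host
  }
  throw new Error("too many redirects");
}

// Constructed stand-in for the network: a public URL that redirects to an internal host.
const FAKE_NET = {
  "https://feeds.example.com/rss": { status: 302, location: "http://127.0.0.1:8080/internal/status" },
  "http://127.0.0.1:8080/internal/status": { status: 200, body: "internal-only data" },
};
const fakeFetch = (href) => FAKE_NET[href] || { status: 404, body: "" };
```

Running both fetchers against fakeFetch shows the first one returning the internal body while the second rejects the redirect target at the first hop.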
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai