Cyber Resilience

CVE-2026-5346

Medium

Published: 02 April 2026

Published
02 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0006 18.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5346 is a medium-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-5346 is a server-side request forgery (SSRF) vulnerability affecting huimeicloud hm_editor versions up to 2.2.3. The issue resides in the client.get function within the src/mcp-server.js file of the image-to-base64 endpoint, where manipulation of the url argument enables the forgery. Classified under CWE-918, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-04-02.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling attackers to make unauthorized requests from the server to internal or external resources.

Advisories from VulDB and a related GitHub issue in wing3e/public_exp detail the vulnerability but note no response from the vendor despite early contact. No patches or official mitigations are available; practitioners should review the references at https://github.com/wing3e/public_exp/issues/11, https://vuldb.com/submit/781341, https://vuldb.com/vuln/354701, and https://vuldb.com/vuln/354701/cti for exploit details and consider network controls or endpoint restrictions as interim measures.

The exploit has been publicly disclosed and may be utilized, increasing the risk of active exploitation in unpatched environments.

EU & UK References

Vulnerability details

A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible…

more

to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery Discovery
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF vulnerability in public-facing web application directly enables exploitation via T1190; ability to force server requests to internal resources facilitates network service discovery (T1046).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34476Shared CWE-918
CVE-2025-22603Shared CWE-918
CVE-2024-13924Shared CWE-918
CVE-2026-42860Shared CWE-918
CVE-2025-25785Shared CWE-918
CVE-2024-53705Shared CWE-918
CVE-2026-5418Shared CWE-918
CVE-2026-45082Shared CWE-918
CVE-2026-7147Shared CWE-918
CVE-2026-7065Shared CWE-918

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates SSRF by validating and sanitizing the manipulated 'url' argument in the client.get function before making requests.

prevent

Enforces boundary protections to monitor and control server-initiated outbound requests, preventing access to unauthorized internal or external resources via SSRF.

prevent

Controls information flows from the server by enforcing policies that restrict outbound requests based on approved destinations, limiting SSRF exploitation.

References