Vulnerability Description
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zentao | Zentao | <= 21.7.6 |
Related Weaknesses (CWE)
References
- https://github.com/ez-lbz/ez-lbz.github.io/issues/9ExploitThird Party AdvisoryIssue Tracking
- https://github.com/ez-lbz/ez-lbz.github.io/issues/9#issue-3832844574ExploitThird Party Advisory
- https://vuldb.com/?ctiid.344264Permissions RequiredVDB Entry
- https://vuldb.com/?id.344264Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.742633Third Party AdvisoryVDB Entry
- https://github.com/ez-lbz/ez-lbz.github.io/issues/9ExploitThird Party AdvisoryIssue Tracking
- https://github.com/ez-lbz/ez-lbz.github.io/issues/9#issue-3832844574ExploitThird Party Advisory
FAQ
What is CVE-2026-1884?
CVE-2026-1884 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation caus...
How severe is CVE-2026-1884?
CVE-2026-1884 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1884?
Check the references section above for vendor advisories and patch information. Affected products include: Zentao Zentao.