CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-39362

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DOWNLOAD_FROM_URL is enabled (opt-in), authenticated users can supply remote_image URLs that are fetched server-side via requests.get() with only Django's URLValidator check. There is no validation against private IP ranges or internal hostnames. Redirects are followed (allow_redirects=True), enabling bypass of any URL-format checks. This vulnerability is fixed in 1.2.7 and 1.3.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.0%

CVSS Severity

CVSS v3 Score 7.1

References

https://github.com/inventree/InvenTree/security/advisories/GHSA-m9j7-jw3m-fr22

Products affected by CVE-2026-39362

Inventree Project » Inventree » Version: N/A

cpe:2.3:a:inventree_project:inventree:-
Inventree Project » Inventree » Version: 0.0.10

cpe:2.3:a:inventree_project:inventree:0.0.10
Inventree Project » Inventree » Version: 0.0.11

cpe:2.3:a:inventree_project:inventree:0.0.11
Inventree Project » Inventree » Version: 0.0.12

cpe:2.3:a:inventree_project:inventree:0.0.12
Inventree Project » Inventree » Version: 0.0.3

cpe:2.3:a:inventree_project:inventree:0.0.3
Inventree Project » Inventree » Version: 0.0.5

cpe:2.3:a:inventree_project:inventree:0.0.5
Inventree Project » Inventree » Version: 0.0.6

cpe:2.3:a:inventree_project:inventree:0.0.6
Inventree Project » Inventree » Version: 0.0.7

cpe:2.3:a:inventree_project:inventree:0.0.7
Inventree Project » Inventree » Version: 0.0.8

cpe:2.3:a:inventree_project:inventree:0.0.8
Inventree Project » Inventree » Version: 0.0.9

cpe:2.3:a:inventree_project:inventree:0.0.9
Inventree Project » Inventree » Version: 0.1.0

cpe:2.3:a:inventree_project:inventree:0.1.0
Inventree Project » Inventree » Version: 0.1.1

cpe:2.3:a:inventree_project:inventree:0.1.1
Inventree Project » Inventree » Version: 0.1.2

cpe:2.3:a:inventree_project:inventree:0.1.2
Inventree Project » Inventree » Version: 0.1.3

cpe:2.3:a:inventree_project:inventree:0.1.3
Inventree Project » Inventree » Version: 0.1.4

cpe:2.3:a:inventree_project:inventree:0.1.4
Inventree Project » Inventree » Version: 0.1.5

cpe:2.3:a:inventree_project:inventree:0.1.5
Inventree Project » Inventree » Version: 0.1.6

cpe:2.3:a:inventree_project:inventree:0.1.6
Inventree Project » Inventree » Version: 0.1.7

cpe:2.3:a:inventree_project:inventree:0.1.7
Inventree Project » Inventree » Version: 0.1.8

cpe:2.3:a:inventree_project:inventree:0.1.8
Inventree Project » Inventree » Version: 0.10.0

cpe:2.3:a:inventree_project:inventree:0.10.0
Inventree Project » Inventree » Version: 0.10.1

cpe:2.3:a:inventree_project:inventree:0.10.1
Inventree Project » Inventree » Version: 0.11.0

cpe:2.3:a:inventree_project:inventree:0.11.0
Inventree Project » Inventree » Version: 0.11.1

cpe:2.3:a:inventree_project:inventree:0.11.1
Inventree Project » Inventree » Version: 0.11.2

cpe:2.3:a:inventree_project:inventree:0.11.2
Inventree Project » Inventree » Version: 0.11.3

cpe:2.3:a:inventree_project:inventree:0.11.3
Inventree Project » Inventree » Version: 0.12.0

cpe:2.3:a:inventree_project:inventree:0.12.0
Inventree Project » Inventree » Version: 0.12.1

cpe:2.3:a:inventree_project:inventree:0.12.1
Inventree Project » Inventree » Version: 0.12.10

cpe:2.3:a:inventree_project:inventree:0.12.10
Inventree Project » Inventree » Version: 0.12.2

cpe:2.3:a:inventree_project:inventree:0.12.2
Inventree Project » Inventree » Version: 0.12.3

cpe:2.3:a:inventree_project:inventree:0.12.3
Inventree Project » Inventree » Version: 0.12.4

cpe:2.3:a:inventree_project:inventree:0.12.4
Inventree Project » Inventree » Version: 0.12.5

cpe:2.3:a:inventree_project:inventree:0.12.5
Inventree Project » Inventree » Version: 0.12.6

cpe:2.3:a:inventree_project:inventree:0.12.6
Inventree Project » Inventree » Version: 0.12.7

cpe:2.3:a:inventree_project:inventree:0.12.7
Inventree Project » Inventree » Version: 0.12.8

cpe:2.3:a:inventree_project:inventree:0.12.8
Inventree Project » Inventree » Version: 0.12.9

cpe:2.3:a:inventree_project:inventree:0.12.9
Inventree Project » Inventree » Version: 0.13.0

cpe:2.3:a:inventree_project:inventree:0.13.0
Inventree Project » Inventree » Version: 0.13.1

cpe:2.3:a:inventree_project:inventree:0.13.1
Inventree Project » Inventree » Version: 0.13.2

cpe:2.3:a:inventree_project:inventree:0.13.2
Inventree Project » Inventree » Version: 0.13.3

cpe:2.3:a:inventree_project:inventree:0.13.3
Inventree Project » Inventree » Version: 0.13.4

cpe:2.3:a:inventree_project:inventree:0.13.4
Inventree Project » Inventree » Version: 0.13.5

cpe:2.3:a:inventree_project:inventree:0.13.5
Inventree Project » Inventree » Version: 0.13.6

cpe:2.3:a:inventree_project:inventree:0.13.6
Inventree Project » Inventree » Version: 0.14.0

cpe:2.3:a:inventree_project:inventree:0.14.0
Inventree Project » Inventree » Version: 0.14.1

cpe:2.3:a:inventree_project:inventree:0.14.1
Inventree Project » Inventree » Version: 0.14.2

cpe:2.3:a:inventree_project:inventree:0.14.2
Inventree Project » Inventree » Version: 0.14.3

cpe:2.3:a:inventree_project:inventree:0.14.3
Inventree Project » Inventree » Version: 0.14.4

cpe:2.3:a:inventree_project:inventree:0.14.4
Inventree Project » Inventree » Version: 0.14.5

cpe:2.3:a:inventree_project:inventree:0.14.5
Inventree Project » Inventree » Version: 0.15.0

cpe:2.3:a:inventree_project:inventree:0.15.0
Inventree Project » Inventree » Version: 0.15.1

cpe:2.3:a:inventree_project:inventree:0.15.1
Inventree Project » Inventree » Version: 0.15.2

cpe:2.3:a:inventree_project:inventree:0.15.2
Inventree Project » Inventree » Version: 0.15.3

cpe:2.3:a:inventree_project:inventree:0.15.3
Inventree Project » Inventree » Version: 0.15.4

cpe:2.3:a:inventree_project:inventree:0.15.4
Inventree Project » Inventree » Version: 0.15.5

cpe:2.3:a:inventree_project:inventree:0.15.5
Inventree Project » Inventree » Version: 0.15.6

cpe:2.3:a:inventree_project:inventree:0.15.6
Inventree Project » Inventree » Version: 0.15.7

cpe:2.3:a:inventree_project:inventree:0.15.7
Inventree Project » Inventree » Version: 0.15.8

cpe:2.3:a:inventree_project:inventree:0.15.8
Inventree Project » Inventree » Version: 0.16.0

cpe:2.3:a:inventree_project:inventree:0.16.0
Inventree Project » Inventree » Version: 0.16.1

cpe:2.3:a:inventree_project:inventree:0.16.1
Inventree Project » Inventree » Version: 0.16.2

cpe:2.3:a:inventree_project:inventree:0.16.2
Inventree Project » Inventree » Version: 0.16.3

cpe:2.3:a:inventree_project:inventree:0.16.3
Inventree Project » Inventree » Version: 0.16.4

cpe:2.3:a:inventree_project:inventree:0.16.4
Inventree Project » Inventree » Version: 0.16.5

cpe:2.3:a:inventree_project:inventree:0.16.5
Inventree Project » Inventree » Version: 0.16.6

cpe:2.3:a:inventree_project:inventree:0.16.6
Inventree Project » Inventree » Version: 0.16.7

cpe:2.3:a:inventree_project:inventree:0.16.7
Inventree Project » Inventree » Version: 0.16.8

cpe:2.3:a:inventree_project:inventree:0.16.8
Inventree Project » Inventree » Version: 0.16.9

cpe:2.3:a:inventree_project:inventree:0.16.9
Inventree Project » Inventree » Version: 0.17.0

cpe:2.3:a:inventree_project:inventree:0.17.0
Inventree Project » Inventree » Version: 0.17.1

cpe:2.3:a:inventree_project:inventree:0.17.1
Inventree Project » Inventree » Version: 0.17.10

cpe:2.3:a:inventree_project:inventree:0.17.10
Inventree Project » Inventree » Version: 0.17.11

cpe:2.3:a:inventree_project:inventree:0.17.11
Inventree Project » Inventree » Version: 0.17.12

cpe:2.3:a:inventree_project:inventree:0.17.12
Inventree Project » Inventree » Version: 0.17.13

cpe:2.3:a:inventree_project:inventree:0.17.13
Inventree Project » Inventree » Version: 0.17.14

cpe:2.3:a:inventree_project:inventree:0.17.14
Inventree Project » Inventree » Version: 0.17.2

cpe:2.3:a:inventree_project:inventree:0.17.2
Inventree Project » Inventree » Version: 0.17.3

cpe:2.3:a:inventree_project:inventree:0.17.3
Inventree Project » Inventree » Version: 0.17.4

cpe:2.3:a:inventree_project:inventree:0.17.4
Inventree Project » Inventree » Version: 0.17.5

cpe:2.3:a:inventree_project:inventree:0.17.5
Inventree Project » Inventree » Version: 0.17.6

cpe:2.3:a:inventree_project:inventree:0.17.6
Inventree Project » Inventree » Version: 0.17.7

cpe:2.3:a:inventree_project:inventree:0.17.7
Inventree Project » Inventree » Version: 0.17.8

cpe:2.3:a:inventree_project:inventree:0.17.8
Inventree Project » Inventree » Version: 0.17.9

cpe:2.3:a:inventree_project:inventree:0.17.9
Inventree Project » Inventree » Version: 0.2.0

cpe:2.3:a:inventree_project:inventree:0.2.0
Inventree Project » Inventree » Version: 0.2.1

cpe:2.3:a:inventree_project:inventree:0.2.1
Inventree Project » Inventree » Version: 0.2.2

cpe:2.3:a:inventree_project:inventree:0.2.2
Inventree Project » Inventree » Version: 0.2.3

cpe:2.3:a:inventree_project:inventree:0.2.3
Inventree Project » Inventree » Version: 0.2.4

cpe:2.3:a:inventree_project:inventree:0.2.4
Inventree Project » Inventree » Version: 0.3.0

cpe:2.3:a:inventree_project:inventree:0.3.0
Inventree Project » Inventree » Version: 0.4.0

cpe:2.3:a:inventree_project:inventree:0.4.0
Inventree Project » Inventree » Version: 0.4.1

cpe:2.3:a:inventree_project:inventree:0.4.1
Inventree Project » Inventree » Version: 0.4.2

cpe:2.3:a:inventree_project:inventree:0.4.2
Inventree Project » Inventree » Version: 0.4.3

cpe:2.3:a:inventree_project:inventree:0.4.3
Inventree Project » Inventree » Version: 0.4.4

cpe:2.3:a:inventree_project:inventree:0.4.4
Inventree Project » Inventree » Version: 0.4.5

cpe:2.3:a:inventree_project:inventree:0.4.5
Inventree Project » Inventree » Version: 0.5.0

cpe:2.3:a:inventree_project:inventree:0.5.0
Inventree Project » Inventree » Version: 0.5.1

cpe:2.3:a:inventree_project:inventree:0.5.1
Inventree Project » Inventree » Version: 0.5.2

cpe:2.3:a:inventree_project:inventree:0.5.2
Inventree Project » Inventree » Version: 0.5.3

cpe:2.3:a:inventree_project:inventree:0.5.3
Inventree Project » Inventree » Version: 0.5.4

cpe:2.3:a:inventree_project:inventree:0.5.4
Inventree Project » Inventree » Version: 0.6.0

cpe:2.3:a:inventree_project:inventree:0.6.0
Inventree Project » Inventree » Version: 0.6.1

cpe:2.3:a:inventree_project:inventree:0.6.1
Inventree Project » Inventree » Version: 0.6.2

cpe:2.3:a:inventree_project:inventree:0.6.2
Inventree Project » Inventree » Version: 0.6.3

cpe:2.3:a:inventree_project:inventree:0.6.3
Inventree Project » Inventree » Version: 0.6.4

cpe:2.3:a:inventree_project:inventree:0.6.4
Inventree Project » Inventree » Version: 0.7.0

cpe:2.3:a:inventree_project:inventree:0.7.0
Inventree Project » Inventree » Version: 0.7.1

cpe:2.3:a:inventree_project:inventree:0.7.1
Inventree Project » Inventree » Version: 0.7.2

cpe:2.3:a:inventree_project:inventree:0.7.2
Inventree Project » Inventree » Version: 0.7.3

cpe:2.3:a:inventree_project:inventree:0.7.3
Inventree Project » Inventree » Version: 0.7.4

cpe:2.3:a:inventree_project:inventree:0.7.4
Inventree Project » Inventree » Version: 0.7.5

cpe:2.3:a:inventree_project:inventree:0.7.5
Inventree Project » Inventree » Version: 0.7.6

cpe:2.3:a:inventree_project:inventree:0.7.6
Inventree Project » Inventree » Version: 0.7.7

cpe:2.3:a:inventree_project:inventree:0.7.7
Inventree Project » Inventree » Version: 0.8.0

cpe:2.3:a:inventree_project:inventree:0.8.0
Inventree Project » Inventree » Version: 0.8.1

cpe:2.3:a:inventree_project:inventree:0.8.1
Inventree Project » Inventree » Version: 0.8.2

cpe:2.3:a:inventree_project:inventree:0.8.2
Inventree Project » Inventree » Version: 0.8.3

cpe:2.3:a:inventree_project:inventree:0.8.3
Inventree Project » Inventree » Version: 0.8.4

cpe:2.3:a:inventree_project:inventree:0.8.4
Inventree Project » Inventree » Version: 0.9.0

cpe:2.3:a:inventree_project:inventree:0.9.0
Inventree Project » Inventree » Version: 0.9.1

cpe:2.3:a:inventree_project:inventree:0.9.1
Inventree Project » Inventree » Version: 0.9.2

cpe:2.3:a:inventree_project:inventree:0.9.2
Inventree Project » Inventree » Version: 1.0.0

cpe:2.3:a:inventree_project:inventree:1.0.0
Inventree Project » Inventree » Version: 1.0.1

cpe:2.3:a:inventree_project:inventree:1.0.1
Inventree Project » Inventree » Version: 1.0.2

cpe:2.3:a:inventree_project:inventree:1.0.2
Inventree Project » Inventree » Version: 1.0.3

cpe:2.3:a:inventree_project:inventree:1.0.3
Inventree Project » Inventree » Version: 1.0.4

cpe:2.3:a:inventree_project:inventree:1.0.4
Inventree Project » Inventree » Version: 1.0.5

cpe:2.3:a:inventree_project:inventree:1.0.5
Inventree Project » Inventree » Version: 1.0.6

cpe:2.3:a:inventree_project:inventree:1.0.6
Inventree Project » Inventree » Version: 1.0.7

cpe:2.3:a:inventree_project:inventree:1.0.7
Inventree Project » Inventree » Version: 1.0.8

cpe:2.3:a:inventree_project:inventree:1.0.8
Inventree Project » Inventree » Version: 1.0.9

cpe:2.3:a:inventree_project:inventree:1.0.9
Inventree Project » Inventree » Version: 1.1.0

cpe:2.3:a:inventree_project:inventree:1.1.0
Inventree Project » Inventree » Version: 1.1.1

cpe:2.3:a:inventree_project:inventree:1.1.1
Inventree Project » Inventree » Version: 1.1.10

cpe:2.3:a:inventree_project:inventree:1.1.10
Inventree Project » Inventree » Version: 1.1.11

cpe:2.3:a:inventree_project:inventree:1.1.11
Inventree Project » Inventree » Version: 1.1.12

cpe:2.3:a:inventree_project:inventree:1.1.12
Inventree Project » Inventree » Version: 1.1.2

cpe:2.3:a:inventree_project:inventree:1.1.2
Inventree Project » Inventree » Version: 1.1.3

cpe:2.3:a:inventree_project:inventree:1.1.3
Inventree Project » Inventree » Version: 1.1.4

cpe:2.3:a:inventree_project:inventree:1.1.4
Inventree Project » Inventree » Version: 1.1.5

cpe:2.3:a:inventree_project:inventree:1.1.5
Inventree Project » Inventree » Version: 1.1.6

cpe:2.3:a:inventree_project:inventree:1.1.6
Inventree Project » Inventree » Version: 1.1.7

cpe:2.3:a:inventree_project:inventree:1.1.7
Inventree Project » Inventree » Version: 1.1.8

cpe:2.3:a:inventree_project:inventree:1.1.8
Inventree Project » Inventree » Version: 1.1.9

cpe:2.3:a:inventree_project:inventree:1.1.9
Inventree Project » Inventree » Version: 1.2.0

cpe:2.3:a:inventree_project:inventree:1.2.0
Inventree Project » Inventree » Version: 1.2.1

cpe:2.3:a:inventree_project:inventree:1.2.1
Inventree Project » Inventree » Version: 1.2.2

cpe:2.3:a:inventree_project:inventree:1.2.2
Inventree Project » Inventree » Version: 1.2.3

cpe:2.3:a:inventree_project:inventree:1.2.3
Inventree Project » Inventree » Version: 1.2.4

cpe:2.3:a:inventree_project:inventree:1.2.4
Inventree Project » Inventree » Version: 1.2.5

cpe:2.3:a:inventree_project:inventree:1.2.5
Inventree Project » Inventree » Version: 1.2.6

cpe:2.3:a:inventree_project:inventree:1.2.6
Inventree Project » Inventree » Version: 1.2.8

cpe:2.3:a:inventree_project:inventree:1.2.8
Inventree Project » Inventree » Version: 1.2.9

cpe:2.3:a:inventree_project:inventree:1.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-39362

Products

Pricing

Contact Us