Vulnerability Details CVE-2026-9813
FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specified destination. Due to insufficient validation of the URL scheme and resolved destination address, affected versions may allow requests to loopback, link-local, private, reserved, or other restricted network resources, potentially enabling interaction with internal services or cloud metadata endpoints from the server's network context.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.8%
CVSS Severity
CVSS v3 Score 9.9
Products affected by CVE-2026-9813
-
cpe:2.3:a:flowintel:flowintel:0.0.1
-
cpe:2.3:a:flowintel:flowintel:0.1.0
-
cpe:2.3:a:flowintel:flowintel:0.2.0
-
cpe:2.3:a:flowintel:flowintel:0.2.1
-
cpe:2.3:a:flowintel:flowintel:0.3.0
-
cpe:2.3:a:flowintel:flowintel:0.4.0
-
cpe:2.3:a:flowintel:flowintel:0.5.0
-
cpe:2.3:a:flowintel:flowintel:0.5.1
-
cpe:2.3:a:flowintel:flowintel:0.6.0
-
cpe:2.3:a:flowintel:flowintel:0.7.0
-
cpe:2.3:a:flowintel:flowintel:0.8.0
-
cpe:2.3:a:flowintel:flowintel:1.0.0
-
cpe:2.3:a:flowintel:flowintel:1.1.0
-
cpe:2.3:a:flowintel:flowintel:1.2.0
-
cpe:2.3:a:flowintel:flowintel:1.3.0
-
cpe:2.3:a:flowintel:flowintel:1.3.1
-
cpe:2.3:a:flowintel:flowintel:1.4.0
-
cpe:2.3:a:flowintel:flowintel:1.4.1
-
cpe:2.3:a:flowintel:flowintel:1.5.0
-
cpe:2.3:a:flowintel:flowintel:1.6.0
-
cpe:2.3:a:flowintel:flowintel:1.6.1
-
cpe:2.3:a:flowintel:flowintel:1.6.2
-
cpe:2.3:a:flowintel:flowintel:2.0.0
-
cpe:2.3:a:flowintel:flowintel:2.1.0
-
cpe:2.3:a:flowintel:flowintel:2.1.1
-
cpe:2.3:a:flowintel:flowintel:2.2.1
-
cpe:2.3:a:flowintel:flowintel:2.3.0
-
cpe:2.3:a:flowintel:flowintel:3.0.0
-
cpe:2.3:a:flowintel:flowintel:3.1.0
-
cpe:2.3:a:flowintel:flowintel:3.2.0