No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Sun, 19 Jul 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in 1Panel-dev CordysCRM up to 1.4.1. This issue affects some unknown processing of the file backend/crm/src/main/java/cn/cordys/crm/integration/sso/service/TokenService.java of the component Third Party Endpoint. Performing a manipulation of the argument mkAddress results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used. The project closed the issue report, stating that this is not the official way to report a security vulnerability. | |
| Title | 1Panel-dev CordysCRM Third Party Endpoint TokenService.java server-side request forgery | |
| First Time appeared |
1panel-dev
1panel-dev cordyscrm |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:1panel-dev:cordyscrm:*:*:*:*:*:*:*:* | |
| Vendors & Products |
1panel-dev
1panel-dev cordyscrm |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-19T06:45:09.639Z
Reserved: 2026-07-18T12:11:08.681Z
Link: CVE-2026-16222
No data.
No data.
No data.
OpenCVE Enrichment
No data.