CVE-2026-4528
HIGH
7.3
Our Analysis: esv
Our model has classified this vulnerability as relevant to esv Systems, helping your team prioritize efforts effectively.
Published Date
March 21, 2026
Last Modified
March 21, 2026
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Description
A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.