


Perceptive Security
SOC/SIEM Consultancy

A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the comp…
Published: 25 April 2026 at 22:00:00
Alert date: 26 April 2026 at 09:00:45
Source: nvd.nist.gov
Web Technologies
A server-side request forgery (SSRF) vulnerability was discovered in Typecho versions up to 1.3.0. It affects the function Service::sendPingHandle in the file var/Widget/Service.php, part of the Ping Back Service Endpoint component. Manipulating the X-Pingback/link argument leads to SSRF, and the attack can be launched remotely. The exploit has been publicly disclosed and may be used. The vendor was notified but did not respond to the disclosure.
Technical details
Affected products: Typecho
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-7025
https://vuldb.com/submit/797772
https://vuldb.com/vuln/359605
https://vuldb.com/vuln/359605/cti
https://wang1rrr.github.io/2026/03/04/CVE-Report-Typecho-v1-3-0-SSRF/
This article was created with the assistance of AI technology by Perceptive.
