top of page
perceptive_background_267k.jpg

A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/uti…

Published:

2 juni 2026 om 22:00:00

Alert date:

3 juni 2026 om 23:00:33

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Enterprise Applications

A server-side request forgery vulnerability was discovered in CRMEB Java version 1.4. The vulnerability affects the RestTemplate.getForEntity function in the RestTemplateUtil.java file within the base64 QR code endpoint component. Attackers can manipulate the URL argument to perform SSRF attacks remotely. The exploit has been publicly disclosed and is available for use. The project maintainers were notified through an issue report but have not yet responded to the security concern.

Technical details

Mitigation steps:

Affected products:

CRMEB Java

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-10771
https://github.com/crmeb/crmeb_java/
https://github.com/crmeb/crmeb_java/issues/35
https://vuldb.com/cve/CVE-2026-10771
https://vuldb.com/submit/831421
https://vuldb.com/vuln/368137
https://vuldb.com/vuln/368137/cti

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page