CVEFinder.io

CVE-2026-8725

⚠️ high
🔍 Scan for this CVE
Summary

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Score
7.3
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-17
First Seen: 2026-05-18
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 55.6% of all 321,566 vulnerabilities in our database.

#142,887
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 18, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
CPT_Penner (VulDB User) (reporter) VulDB CNA Team (coordinator)
SSVC data provided by CISA
Last Modified 2026-05-18
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-918

📦 Affected Products 0

No affected products information available

🔗 References 4

https://github.com/juruo123/public_exp/issues/5
https://vuldb.com/submit/807753
https://vuldb.com/vuln/364316
https://vuldb.com/vuln/364316/cti