Published advisories
11 advisories published under Postiz.
| Advisory ID | CVE | Date | Product | Title | Severity |
| --- | --- | --- | --- | --- | --- |
| PSA-2026-04-M1S0 | CVE-2026-42346 | 2026-04-28 | Postiz App | TOCTOU DNS rebinding bypasses all SSRF URL validation paths | Medium |
| PSA-2026-T0E4W0 | CVE-2026-42556 | 2026-04-27 | Postiz App | Postiz stored XSS in public preview page | High |
| PSA-2026-04-1YDY | CVE-2026-42298 | 2026-04-24 | Postiz App | Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev | Critical |
| PSA-2026-04-6EZ5 | CVE-2026-40168 | 2026-04-22 | Postiz App | Server-Side Request Forgery via Redirect Bypass in /api/public/stream | High |
| PSA-2026-04-5MVG | CVE-2026-0003 | 2026-04-19 | Postiz App | Unrestricted File Upload via MIME Type Spoofing Leads to Stored XSS | Critical |
| PSA-2026-04-HVBM | CVE-2026-34590 | 2026-04-19 | Postiz App | SSRF via Webhook Creation Endpoint Missing URL Safety Validation | Medium |
| PSA-2026-04-KT4W | CVE-2026-34576 | 2026-04-19 | Postiz App | SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata | Medium |
| PSA-2026-04-422G | CVE-2026-34577 | 2026-04-19 | Postiz App | Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check | High |
| PSA-2026-04-SRGA | CVE-2024-34351 | 2026-04-19 | Postiz App | High-Severity SSRF in Postiz App | High |
| PSA-2026-04-ZR1M | | 2026-04-19 | Postiz App | Multiple SSRF Vectors - Webhooks, RSS Feed, URL Loader (CWE-918) | High |
| PSA-2026-04-PY6V | CVE-2025-53641 | 2026-04-19 | Postiz App | Header mutation in middleware facilitates SSRF | High |