PSA-2026-04-SRGA | CVE-2024-34351 | 2026-04-19
7.5 High

High-Severity SSRF in Postiz App

Impact

A successful SSRF attack allows an attacker to:

  • Bypass firewalls to scan and interact with internal network services/ports.
  • Access sensitive cloud metadata services (e.g., AWS IMDS 169.254.169.254) to potentially leak instance credentials.
  • Pivot into the internal network environment where Postiz is hosted.
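
The following is an added example, not part of the original advisory or of Postiz's code: it reviews outbound requests made by the application host and flags destinations in the classes listed above (cloud metadata, loopback, private and link-local ranges). The log format (`<timestamp> <METHOD> <url> <resolved-ip>`), the sample lines and all function names are constructed for illustration.

```javascript
// Constructed egress-proxy log lines (hypothetical format):
// "<timestamp> <METHOD> <url> <resolved-ip>"
const SAMPLE_EGRESS_LOG = [
  '2026-04-19T10:02:11Z GET https://api.example.com/v1/posts 203.0.113.10',
  '2026-04-19T10:02:14Z GET http://169.254.169.254/latest/meta-data/ 169.254.169.254',
  '2026-04-19T10:02:15Z GET http://cache.example.internal:6379/ 10.0.3.7',
  '2026-04-19T10:02:16Z GET http://localhost:5000/health 127.0.0.1',
];

// IPv4 ranges matching the impact list. Order matters: the metadata
// address sits inside the link-local block, so it is checked first.
const INTERNAL_RANGES = [
  ['cloud-metadata', '169.254.169.254', 32],
  ['loopback', '127.0.0.0', 8],
  ['private', '10.0.0.0', 8],
  ['private', '172.16.0.0', 12],
  ['private', '192.168.0.0', 16],
  ['link-local', '169.254.0.0', 16],
];

// Dotted-quad string -> unsigned 32-bit value, or null if not a valid IPv4 literal.
function ipv4ToInt(text) {
  const parts = String(text).split('.');
  const valid = parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  return valid ? parts.reduce((acc, p) => acc * 256 + Number(p), 0) : null;
}

// Classify the address the request actually connected to.
function classifyIp(ipText) {
  const ip = ipv4ToInt(ipText);
  if (ip === null) return 'not-ipv4'; // surfaced for manual review
  for (const [label, base, prefixBits] of INTERNAL_RANGES) {
    const start = ipv4ToInt(base);
    if (ip >= start && ip < start + 2 ** (32 - prefixBits)) return label;
  }
  return 'public';
}

// Return one finding per log line whose resolved destination is not public.
function flagInternalEgress(lines) {
  return lines
    .map((line) => line.trim().split(/\s+/))
    .map(([timestamp, method, url, ip]) => ({ timestamp, method, url, ip, verdict: classifyIp(ip) }))
    .filter((entry) => entry.verdict !== 'public');
}
```

Classifying the resolved address rather than the URL's hostname means a public-looking name that resolves to an internal address is still flagged.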

Workarounds

There are no known workarounds; please upgrade to Postiz version v2.21.1.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-34351
  • http://cwe.mitre.org/data/definitions/918.html
  • https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g