CVE ID :CVE-2026-30242
Published : March 6, 2026, 10:16 p.m.
Description : Plane is an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with the workspace ADMIN role to create webhooks pointing to private or internal network addresses (10.x.x.x, 172.16.x.x, 192.168.x.x, 169.254.169.254, etc.). When webhook events fire, the server makes requests to these internal addresses and stores the response, enabling SSRF with full response read-back. This issue has been patched in version 1.2.3.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
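To make the advisory's point concrete, the following is an added example (not Plane's code and not the actual patch) that places a loopback-only check of the kind described beside a hardened one, and adds a small audit over already-stored webhook rows. Function names (loopback_only_check, hardened_check, is_internal, audit_webhooks), the row shape used by the audit, and the FAKE_DNS hostname table are all assumptions made for this example; the default resolver uses socket.getaddrinfo, the offline runs use the constructed table.

```python
"""Webhook target validation: the loopback-only check beside a hardened one.

Added example, not Plane's code. It models the class of check the advisory
describes (only ip.is_loopback was tested) and a stricter replacement, plus a
small audit over already-stored webhook rows. The resolver is injectable so the
example runs offline against a constructed hostname table (FAKE_DNS); the
default, system_resolver, uses socket.getaddrinfo.
"""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Resolver = Callable[[str], Iterable[IPAddress]]


def system_resolver(host: str) -> List[IPAddress]:
    """Resolve every A/AAAA record for host with the system resolver."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    # Drop a "%scope" suffix that link-local IPv6 answers may carry.
    return [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]


def resolve_targets(url: str, resolver: Resolver) -> List[IPAddress]:
    """Parse a webhook URL and return every IP its host maps to."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("webhook URL must be http(s) with a host")
    try:
        return [ipaddress.ip_address(parts.hostname)]  # literal IP, no lookup
    except ValueError:
        return list(resolver(parts.hostname))


def loopback_only_check(url: str, resolver: Resolver = system_resolver) -> bool:
    """Weak check of the kind the advisory describes: rejects only loopback.

    RFC 1918 space, link-local (169.254.169.254) and other non-routable
    ranges pass, so an admin can point a webhook at internal services.
    """
    targets = resolve_targets(url, resolver)
    return bool(targets) and all(not ip.is_loopback for ip in targets)


def is_internal(ip: IPAddress) -> bool:
    """True for any address a server-side fetch should never be sent to."""
    # Judge an IPv4-mapped IPv6 literal (::ffff:10.0.0.1) by its IPv4 form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or not ip.is_global)


def hardened_check(url: str, resolver: Resolver = system_resolver) -> bool:
    """Accept a target only if every address its host resolves to is global."""
    targets = resolve_targets(url, resolver)
    return bool(targets) and not any(is_internal(ip) for ip in targets)


def audit_webhooks(rows: Iterable[Dict[str, str]],
                   resolver: Resolver = system_resolver) -> List[str]:
    """Return ids of stored webhooks whose URL fails hardened_check.

    Rows are dicts with "id" and "url" keys (assumed shape, not Plane's model).
    """
    flagged = []
    for row in rows:
        try:
            ok = hardened_check(row["url"], resolver)
        except ValueError:        # unparsable or non-http URL: flag it too
            ok = False
        if not ok:
            flagged.append(row["id"])
    return flagged


# Constructed hostname table so the example runs without DNS.
FAKE_DNS: Dict[str, List[IPAddress]] = {
    "hooks.example.com": [ipaddress.ip_address("8.8.8.8")],
    "metadata.internal": [ipaddress.ip_address("169.254.169.254")],
    # A name answering with one public and one private record, as a
    # split-horizon or rebinding setup might.
    "mixed.example.net": [ipaddress.ip_address("8.8.8.8"),
                          ipaddress.ip_address("10.0.0.5")],
}


def fake_resolver(host: str) -> List[IPAddress]:
    if host not in FAKE_DNS:
        raise ValueError(f"no constructed DNS entry for {host}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for url in ("http://169.254.169.254/latest/meta-data/",
                "https://10.0.0.5/", "https://hooks.example.com/plane"):
        print(url, loopback_only_check(url, fake_resolver),
              hardened_check(url, fake_resolver))
```

Two caveats for anyone applying this pattern. First, a check at webhook creation time is not enough on its own: the name can resolve differently when the event fires, so the delivery path should resolve, re-check, and connect to the address it checked rather than letting the HTTP client resolve again. Second, because the advisory notes that responses are stored, restricting destinations limits what an admin can reach but does not change that any reachable response body is read back; keeping stored bodies short or not storing them at all is a separate decision.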
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-30242
1. IMMEDIATE ACTIONS
1. Isolate all potentially affected systems from the network. This includes placing them behind restrictive firewall rules, moving them to a quarantine VLAN, or temporarily shutting down non-essential network interfaces to prevent further compromise or data exfiltration.
2. Block all external network access to the vulnerable application and its underlying services. Configure network firewalls, Web Application Firewalls (WAFs), and load balancers to deny traffic to ports and services exposed by the application. Prioritize blocking traffic from untrusted sources.
3. Review application, web server (e.g., Apache, Nginx, IIS), and operating system logs for any signs of compromise. Look for unusual process execution, unexpected file modifications, outbound connections from the application's user account, suspicious authentication attempts, or large data transfers. Focus on logs from the period immediately preceding and following the disclosure of this vulnerability.
4. Take forensic snapshots or create disk images of affected systems before applying any changes, if a full compromise is suspected. This preserves evidence for later analysis.
5. Temporarily disable or restrict access to the specific functionality or endpoints within the application that are known to trigger the vulnerability, if identified and feasible without causing critical service disruption.
2. PATCH AND UPDATE INFORMATION
1. CVE-202