THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-4chg-4752-w88r (high) — NukeViet: Pre-authentication SSRF via X-Forwarded-Host

[GHSA] GHSA-4chg-4752-w88r (high) — NukeViet: Pre-authentication SSRF via X-Forwarded-Host

medgithub_advisoriesPublished 2026-07-13

GHSA-4chg-4752-w88r Severity: high CVE: CVE-2026-55372

NukeViet: Pre-authentication SSRF via X-Forwarded-Host

## Summary

An unauthenticated attacker can coerce the server into issuing HTTP requests to an attacker-chosen host by spoofing the `X Forwarded-Host` (and `X-Forwarded-Proto`) request headers. The forwarded host is used, without validation, to build the URL that `server_info_update()` f

Indicators of compromise

Original source: https://github.com/advisories/GHSA-4chg-4752-w88r