THREAT OPS › Threat News › [GHSA] GHSA-4chg-4752-w88r (high) — NukeViet: Pre-authentication SSRF via X-Forwarded-Host
[GHSA] GHSA-4chg-4752-w88r (high) — NukeViet: Pre-authentication SSRF via X-Forwarded-Host
GHSA-4chg-4752-w88r Severity: high CVE: CVE-2026-55372
NukeViet: Pre-authentication SSRF via X-Forwarded-Host
## Summary
An unauthenticated attacker can coerce the server into issuing HTTP requests to an attacker-chosen host by spoofing the `X Forwarded-Host` (and `X-Forwarded-Proto`) request headers. The forwarded host is used, without validation, to build the URL that `server_info_update()` f
Indicators of compromise
- CVE-2026-55372cve
Original source: https://github.com/advisories/GHSA-4chg-4752-w88r