All 3 CVE vulnerabilities found in Ech0, with AI-generated Chinese analysis, references, and POCs.
Vendor: lin-snow
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35037 | Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata CWE-918 | 7.2 | High | 2026-04-06 |
| CVE-2026-35036 | Ech0 Affected by Unauthenticated Server-Side Request Forgery in Website Preview Feature CWE-918 | 7.5 | High | 2026-04-06 |
| CVE-2026-33638 | Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint CWE-862 | 5.3 | Medium | 2026-03-26 |
All 3 known CVE vulnerabilities affecting Ech0 with full Chinese analysis, references, and POCs where available.