postiz-app — Vulnerabilities & Security Advisories 6

All 6 CVE vulnerabilities found in postiz-app, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-40487	Postiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSS CWE-79	8.9	High	2026-04-18
CVE-2026-40168	Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream CWE-918	8.2	High	2026-04-10
CVE-2026-34590	Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation CWE-918	5.4	Medium	2026-04-02
CVE-2026-34577	Postiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check CWE-918	8.6	High	2026-04-02
CVE-2026-34576	Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata CWE-918	6.5^AI	Medium^AI	2026-04-02
CVE-2025-53641	Postiz allows header mutation in middleware facilitates resulting in SSRF CWE-918	8.2	High	2025-07-11

All 6 known CVE vulnerabilities affecting postiz-app with full Chinese analysis, references, and POCs where available.