All 5 CVE vulnerabilities found in v2, with AI-generated Chinese analysis, references, and POCs.
Vendor: miniflux
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-21885 | Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources CWE-918 | 6.5 | Medium | 2026-01-08 |
| CVE-2025-67713 | Miniflux 2 has an Open Redirect via protocol-relative `redirect_url` CWE-601 | 6.1AI | MediumAI | 2025-12-11 |
| CVE-2025-31483 | Stored XSS in Miniflux Media Proxy due to improper Content-Security-Policy configuration CWE-79 | 6.1AI | MediumAI | 2025-04-03 |
| CVE-2023-27591 | Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics CWE-1220 | 7.5 | High | 2023-03-17 |
| CVE-2023-27592 | Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler CWE-79 | 4.8 | Medium | 2023-03-17 |
All 5 known CVE vulnerabilities affecting v2 with full Chinese analysis, references, and POCs where available.