CVE

CVE-2026-32255

Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation: the attachment download handler accepts a user-supplied URL query parameter, passes it directly to a server-side fetch(), and returns the full response body to the caller. An unauthenticated attacker can use this to make HTTP requests from the server to internal services, cloud metadata endpoints, or private network resources (server-side request forgery). This issue has been fixed in version 0.5.5. To work around this issue, block or restrict access to /api/download/attatchment at the reverse proxy level (nginx, Cloudflare, etc.).

CVSS

Severity: High
Base Score: 8.6
CVSS Version: 3.1
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

References

https://github.com/kanbn/kan/security/advisories/GHSA-qrx8-9hc6-jvqg
https://github.com/kanbn/kan/releases/tag/v0.5.5
https://github.com/kanbn/kan/commit/53397d8e81dc1494d94132848c1f0416f1152bd7
https://nvd.nist.gov/vuln/detail/CVE-2026-32255
https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32255.json

Basic Information

Ecosystem: -
Base CVSS: 8.6
EPSS Probability: 0.00072%
EPSS Percentile: 0.22085%
Introduced Version: 0
Fix Available: 2360c5075d0c194c405831aff05f515683a6cae7
