CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-57947

highCVSS 8.5covered by 1 sourcefirst seen 2026-06-29
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to internal hosts and metadata endpoints, enabling unauthorized access to internal network resources.

⚡ Watch CVE-2026-57947

Get an email if CVE-2026-57947 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-57947

CVE.org record

Embed the live status

CVE-2026-57947 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-57947 status](https://www.csirts.com/badge/CVE-2026-57947)](https://www.csirts.com/cve/CVE-2026-57947)