QSearch

CVE-2026-44797

8.5 HIGH

Nautobot is a Network Source of Truth and Network Automation Platform

Published: 2026-05-28 · Last updated: 2026-05-29

Severity and scoring

CVSS: 8.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
CWE: CWE-918

Affected products

Vendor: networktocode
Product: nautobot

Description

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF). This vulnerability is fixed in 2.4.33 and 3.1.2.

Source: NVD

Related CVEs

Same vendor

  • CVE-2026-44798 Nautobot is a Network Source of Truth and Network Automation Platform (7.1 HIGH)
  • CVE-2026-44796 Nautobot is a Network Source of Truth and Network Automation Platform (6.5 MEDIUM)
  • CVE-2026-44794 Nautobot is a Network Source of Truth and Network Automation Platform (5.4 MEDIUM)

Same CWE

  • CVE-2026-50131 Fedify is a TypeScript library for building federated server apps powered by ActivityPub (8.6 HIGH)
  • CVE-2026-50127 Weblate is a web based localization tool (5.9 MEDIUM)
  • CVE-2026-46683 Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page
  • CVE-2026-20252 In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.1... (7.6 HIGH)
  • CVE-2026-48858 Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvali...