CVE-2026-33126

Exploit

EPSS 0.04%
Veröffentlicht 20.03.2026 19:57:16
Zuletzt bearbeitet 23.03.2026 19:17:05
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery (SSRF) attacks. An attacker can use the Frigate server to make HTTP requests to internal network resources, cloud metadata services, or perform port scanning. This issue has been patched in version 0.16.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Frigate ≫ Frigate Version < 0.16.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.107

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3

Product

Release Notes

https://github.com/blakeblackshear/frigate/security/advisories/GHSA-j6g3-3j3q-c2xv

Vendor Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-33126

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33126

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33126

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33126