Vulnerability Report

CVE-2026-35037

Title: SSRF in Ech0 GET /api/website/title endpoint

SSRF

Proof Of Concept

PoC Available for CVE-2026-35037

CWE Category CWE-918
Published Date Apr 06, 2026
Modified Date Apr 22, 2026
Exploit Status Available
Score 7.2 CVSS v3.1
Exploit Probability (EPSS)
0.29%

Vulnerability Summary

CVE-2026-35037: Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the website_url query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network services, cloud metadata endpoints (169.254.169.254), and localhost-bound services, with partial response data exfiltrated via the HTML <title> tag extraction This vulnerability is fixed in 4.2.8.

Impacted Vendors

E
ech0 1

Reference Links

https://github.com/lin-snow/Ech0/security/advisories/GHSA-cqgf-f4x7-g6wc
CVSS v3.1
Source Entity [email protected]
Severity HIGH
7.2
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
CHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-35037 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/fineman999/POC_CVE-2026-35037
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Stack

No specific products linked.