CVE-2026-10068NVD

Vulnerability Summary

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

Severity Level

HIGH(7.3)

Published Date

May 29, 2026

Last Modified

May 29, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.05%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityLow

AvailabilityLow

External References

https://vuldb.com/vuln/367154
https://vuldb.com/vuln/367154/cti
https://vuldb.com/submit/818237
https://gitee.com/Fengyi-Wang/CVE/issues/IJD8SS