2026-05-29 15:45 | CVE-2026-10068 | VulDB
PUBLISHED | 5.2 | Application | CWE-918 | unsupported-when-assigned

Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery

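A flaw has been found in Shibby Tomato 1.28. It affects the function send in the file usr/sbin/miniupnpd, which belongs to the SUBSCRIBE Call Handler component. Manipulating it leads to server-side request forgery (CWE-918). The attack may be initiated remotely. The project has been superseded by FreshTomato, and the vulnerability only affects products that are no longer supported by the maintainer (the record is tagged unsupported-when-assigned). Note that the linked VulDB submission (#818237) is titled "Out-of-Bounds Read" rather than server-side request forgery, so the weakness class should be confirmed against the referenced advisory before it is used for triage.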

Problem type

Affected products

Shibby

Tomato

1.28 - AFFECTED

References

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-10068
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-10068",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-05-29T17:11:09.721Z",
    "dateReserved": "2026-05-29T08:32:34.889Z",
    "datePublished": "2026-05-29T15:45:10.793Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-05-29T15:45:10.793Z"
      },
      "title": "Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer."
        }
      ],
      "affected": [
        {
          "vendor": "Shibby",
          "product": "Tomato",
          "cpes": [
            "cpe:2.3:a:shibby:tomato:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "SUBSCRIBE Call Handler"
          ],
          "versions": [
            {
              "version": "1.28",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Server-Side Request Forgery",
              "cweId": "CWE-918",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/367154",
          "name": "VDB-367154 | Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/367154/cti",
          "name": "VDB-367154 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/818237",
          "name": "Submit #818237 | Tomato by Shibby Tomato Firmware 1.28 Out-of-Bounds Read",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://gitee.com/Fengyi-Wang/CVE/issues/IJD8SS",
          "tags": [
            "issue-tracking"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
            "baseScore": 7.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-05-29T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-05-29T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-05-29T10:38:09.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "VulDB Gitee Analyzer",
          "type": "tool"
        },
        {
          "lang": "en",
          "value": "VulDB CNA Team",
          "type": "coordinator"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-05-29T17:11:09.721Z"
        },
        "title": "CISA ADP Vulnrichment",
        "references": [
          {
            "url": "https://gitee.com/Fengyi-Wang/CVE/issues/IJD8SS",
            "tags": [
              "exploit"
            ]
          }
        ],
        "metrics": [
          {}
        ]
      }
    ]
  }
}