A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2ApplicationCWE-918
Typecho Ping Back Service Endpoint Service.php sendPingHandle server-side request forgery
Problem type
Affected products
Typecho
1.0 - AFFECTED
1.1 - AFFECTED
1.2 - AFFECTED
1.3.0 - AFFECTED
References
VDB-359605 | Typecho Ping Back Service Endpoint Service.php sendPingHandle server-side request forgery
https://vuldb.com/vuln/359605
VDB-359605 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/359605/cti
Submit #797772 | Typecho 1.3.0 and earlier Server-Side Request Forgery
https://vuldb.com/submit/797772
wang1rrr.github.io
https://wang1rrr.github.io/2026/03/04/CVE-Report-Typecho-v1-3-0-SSRF/
GitHub Security Advisories
GHSA-8rj6-jxxp-67pg
A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service...
https://github.com/advisories/GHSA-8rj6-jxxp-67pgA vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-7025
vuldb.com
https://vuldb.com/submit/797772
vuldb.com
https://vuldb.com/vuln/359605
vuldb.com
https://vuldb.com/vuln/359605/cti
wang1rrr.github.io
https://wang1rrr.github.io/2026/03/04/CVE-Report-Typecho-v1-3-0-SSRF
github.com
https://github.com/advisories/GHSA-8rj6-jxxp-67pg
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-7025Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-7025",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-04-26T07:00:17.124Z",
"dateReserved": "2026-04-25T14:11:33.523Z",
"datePublished": "2026-04-26T07:00:17.124Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-04-26T07:00:17.124Z"
},
"title": "Typecho Ping Back Service Endpoint Service.php sendPingHandle server-side request forgery",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "n/a",
"product": "Typecho",
"cpes": [
"cpe:2.3:a:typecho:typecho:*:*:*:*:*:*:*:*"
],
"modules": [
"Ping Back Service Endpoint"
],
"versions": [
{
"version": "1.0",
"status": "affected"
},
{
"version": "1.1",
"status": "affected"
},
{
"version": "1.2",
"status": "affected"
},
{
"version": "1.3.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Server-Side Request Forgery",
"cweId": "CWE-918",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/359605",
"name": "VDB-359605 | Typecho Ping Back Service Endpoint Service.php sendPingHandle server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/359605/cti",
"name": "VDB-359605 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/submit/797772",
"name": "Submit #797772 | Typecho 1.3.0 and earlier Server-Side Request Forgery",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://wang1rrr.github.io/2026/03/04/CVE-Report-Typecho-v1-3-0-SSRF/",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 7.5
}
}
],
"timeline": [
{
"time": "2026-04-25T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-04-25T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-04-25T16:16:54.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "wang1r (VulDB User)",
"type": "reporter"
},
{
"lang": "en",
"value": "VulDB CNA Team",
"type": "coordinator"
}
]
}
}
}