CVE-2026-63088

Stoatchat · Stoatchat

Stoatchat is susceptible to Server-Side Request Forgery (SSRF) via a bypass of the DNS-based IP blocklist, allowing for unauthorized internal network requests.

Executive summary

Stoatchat versions before 0.14.0 are vulnerable to SSRF, which could allow an attacker to interact with internal services or bypass perimeter security.

Vulnerability

This is a Server-Side Request Forgery (SSRF) vulnerability (CWE-918) where an unauthenticated attacker can bypass DNS-based IP blocklists. By manipulating requests, the attacker can force the server to make requests to unintended internal or external resources.

Business impact

An SSRF vulnerability can be leveraged to scan internal networks, access private APIs, or interact with cloud metadata services, leading to potential lateral movement or data exfiltration. The CVSS score of 8.6 reflects the high potential for impact on internal network security and the overall integrity of the application environment.

Remediation

Immediate Action: Update Stoatchat to version 0.14.0 to resolve the DNS-based IP blocklist bypass.

Proactive Monitoring: Monitor outbound traffic from the Stoatchat server for suspicious requests to internal IP addresses or sensitive local ports.

Compensating Controls: Utilize a Web Application Firewall (WAF) to filter malicious requests that attempt to exploit SSRF by probing internal network segments.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The presence of a proof-of-concept for this SSRF vulnerability significantly elevates the risk of exploitation. We strongly urge security teams to apply the update to version 0.14.0 immediately to prevent attackers from using the server as a proxy to reach internal network assets.