CVE-2026-3270
published 2026-02-27

Priority: P263 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% (28.1th percentile)

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| psi-probe | psi_probe | <= 5.3.0 | |
| psi-probe | psi_probe | | |
| psi-probe | psi_probe | | |
| psi-probe | psi_probe | | |
| psi-probe | psi_probe | | |

Detection & IOCs (extracted from sources)

  • Vulnerable function is `lookup` in the Whois component of PSI Probe; monitor for SSRF-indicative HTTP requests originating from the PSI Probe application server targeting internal/non-public hosts via this code path.
  • Flag any PSI Probe instance (com.github.psi-probe:psi-probe-core) at version 5.3.0 or below as vulnerable to SSRF via the Whois lookup function; no vendor fix is confirmed as of Mar 05, 2026.
  • A public exploit exists for this SSRF vulnerability; treat any observed exploitation attempts against PSI Probe Whois functionality as high-priority incidents.
  • The vendor did not respond to early disclosure; no official patch or advisory is available, so mitigations must rely on network-level controls or removal of the Whois component.

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |