CVE-2026-3270
Published 2026-02-27
Priority: P2 · 63 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% (28.1th percentile)
A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| psi-probe | psi_probe | <= 5.3.0 | — |
| psi-probe | psi_probe | — | — |
| psi-probe | psi_probe | — | — |
| psi-probe | psi_probe | — | — |
| psi-probe | psi_probe | — | — |
Detection & IOCs
- Vulnerable function is `lookup` in the Whois component of PSI Probe; monitor for SSRF-indicative HTTP requests originating from the PSI Probe application server targeting internal/non-public hosts via this code path.
- Flag any PSI Probe instance (com.github.psi-probe:psi-probe-core) at version 5.3.0 or below as vulnerable to SSRF via the Whois lookup function; no vendor fix is confirmed as of Mar 05, 2026.
- A public exploit exists for this SSRF vulnerability; treat any observed exploitation attempts against PSI Probe Whois functionality as high-priority incidents.
- The vendor did not respond to early disclosure; no official patch or advisory is available, so mitigations must rely on network-level controls or removal of the Whois component.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
OSV
PSI Probe vulnerable to Server-Side Request Forgery
osv·2026-02-27
CVE-2026-3270 [LOW] PSI Probe vulnerable to Server-Side Request Forgery
GHSA
PSI Probe vulnerable to Server-Side Request Forgery
ghsa·2026-02-27
CVE-2026-3270 [LOW] CWE-918 PSI Probe vulnerable to Server-Side Request Forgery
No detection rules found.
No public exploits indexed.