CVE-2026-32301 | CRITICAL | CVSS 9.3 | fixed in 6.7.0 | 2026-03-13
CVE-2026-32301 [CRITICAL] CWE-918
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. {{tenant}}). An unauthenticated attacker can craft a JWT with a malicious iss or aud claim value that gets interpolated into
cvelistv5, nvd
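A defensive sketch of the validation this class of bug (CWE-918 in a templated JWKS URL) calls for, added here as an example; it is not Centrifugo's code or its 6.7.0 fix. It assumes the claim value is substituted into a `{{name}}` placeholder of the JWKS URL; `BuildJWKSURL`, `safeValue`, `allowedHosts` and the `example.test` hosts are hypothetical names and constructed values.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// safeValue admits only characters that cannot alter the host, path or
// query of the resulting URL (no dots, slashes, '@', ':', '?', '#').
var safeValue = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)
var placeholder = regexp.MustCompile(`\{\{([A-Za-z0-9_]+)\}\}`)

// BuildJWKSURL fills {{name}} placeholders in tmpl from vars, which come from
// claims of a token whose signature has not been verified yet.
func BuildJWKSURL(tmpl string, vars map[string]string, allowedHosts map[string]bool) (string, error) {
	var bad error
	out := placeholder.ReplaceAllStringFunc(tmpl, func(m string) string {
		name := placeholder.FindStringSubmatch(m)[1]
		v, ok := vars[name]
		if !ok || !safeValue.MatchString(v) {
			bad = fmt.Errorf("rejected value for template variable %q", name)
			return ""
		}
		return v
	})
	if bad != nil {
		return "", bad
	}
	// Second layer: the final URL must still point at an expected key server.
	u, err := url.Parse(out)
	if err != nil {
		return "", err
	}
	if u.Scheme != "https" || !allowedHosts[u.Hostname()] {
		return "", errors.New("JWKS URL host not in allowlist")
	}
	return out, nil
}

func main() {
	tmpl := "https://keys.example.test/{{tenant}}/jwks.json"
	hosts := map[string]bool{"keys.example.test": true}
	for _, tenant := range []string{"acme", "evil.example/x"} { // constructed claim values
		u, err := BuildJWKSURL(tmpl, map[string]string{"tenant": tenant}, hosts)
		fmt.Printf("%q -> %q, err=%v\n", tenant, u, err)
	}
}
```

The character allowlist and the host allowlist are independent checks: the first stops a claim value from reshaping the URL, the second catches a template that places the variable in the host position.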