Debian Miniflux vulnerabilities
2 known vulnerabilities affecting debian/miniflux.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
MEDIUM: 2
Vulnerabilities
CVE-2026-21885 | MEDIUM | CVSS 6.5 | fixed in miniflux 2.2.16-1 (forky) | 2026
Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, including internal address
debian
CVE-2025-67713 | MEDIUM | CVSS 5.3 | fixed in miniflux 2.2.16-1 (forky) | 2025
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat `redirect_url` as safe when `url.Parse(...).IsAbs()` is false, enabling phishing flows after login. Protocol-relative URLs like `//ikotaslabs.com` have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15.
Scope: lo
debian