Miniflux.App V2 vulnerabilities

5 known vulnerabilities affecting miniflux.app/v2.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4

Vulnerabilities

CVE-2026-21885 [MEDIUM] CWE-918
Affected versions: ≥ 0, < 2.2.16
Date: 2026-01-07
Title: Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources
Summary: Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, inc
CVE-2025-67713 [MEDIUM] CWE-601
Affected versions: ≥ 0, < 2.2.15
Date: 2025-12-10
Title: Miniflux has an Open Redirect via protocol-relative redirect_url
Summary: `redirect_url` is treated as safe when `url.Parse(...).IsAbs()` is false. Protocol-relative URLs like `//ikotaslabs.com` have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites.
Details:
- `url.Parse("//ikotaslabs.com")` => empty Scheme, Host="ikotaslabs.com".
- `IsAbs()` ret
CVE-2025-31483 [MEDIUM] CWE-79
Affected versions: ≥ 0, < 2.2.7
Date: 2025-04-04
Title: Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration
Summary: Due to a weak Content Security Policy on the `/proxy/*` route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window.
Impact: A malicious fe
CVE-2023-27591 [HIGH] CWE-1220
Affected versions: ≥ 0, < 2.0.43
Date: 2025-04-02
Title: Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics
Impact: An unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` [configuration option](https://miniflux.app/docs/configuration.html#metrics-collector) is enabled and `METRICS_ALLOWED_NETWORKS` is set to
CVE-2023-27592 [MEDIUM] CWE-79
Affected versions: ≥ 2.0.25, < 2.0.43
Date: 2025-04-02
Title: Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler
Impact: Since [v2.0.25](https://github.com/miniflux/v2/releases/tag/2.0.25), Miniflux will automatically [proxy](https://miniflux.app/docs/configuration.html#proxy-images) images served over HTTP to prevent mixed content errors. When an outbound request made by the Go