AI Threat Alert

CVE-2026-57947

HIGH
Published June 29, 2026

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to...

Full CISO analysis pending enrichment.

What systems are affected?

Package Ecosystem Vulnerable Range Patched
Microsoft APM pip No patch
3.0K Pushed yesterday 50% patched ~1d to patch Full package profile →

Do you use Microsoft APM? You're affected.

How severe is it?

CVSS 3.1
8.5 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

What is the attack surface?

AV AC PR UI S C I A
AV Network
AC Low
PR Low
UI None
S Changed
C High
I Low
A None

What should I do?

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Which compliance frameworks are affected?

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-57947?

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to internal hosts and metadata endpoints, enabling unauthorized access to internal network resources.

Is CVE-2026-57947 actively exploited?

No confirmed active exploitation of CVE-2026-57947 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-57947?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-57947?

CVE-2026-57947 has a CVSS v3.1 base score of 8.5 (HIGH).

What are the technical details?

Original Advisory

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to internal hosts and metadata endpoints, enabling unauthorized access to internal network resources.

Weaknesses (CWE)

CWE-918 Server-Side Request Forgery (SSRF)

CWE-918 — Server-Side Request Forgery (SSRF): The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

References

Timeline

Published
June 29, 2026
Last Modified
June 29, 2026
First Seen
June 29, 2026

Related Vulnerabilities

CRITICAL CVE-2026-46858 9.1

Oracle APM: unauthenticated write/DoS via JVM Diagnostics

Same package: apm
HIGH CVE-2026-45539 7.4

Microsoft APM: symlink attack leaks host files in agent deps

Same package: apm
MEDIUM CVE-2026-57948 6.8

Analysis pending

Same package: apm
MEDIUM GHSA-rf84-wr5g-m3rp 5.5

CAPM3: cross-namespace auth bypass exposes K8s secrets

Same package: apm
MEDIUM CVE-2026-55375 5.3

canto-saas-api: OAuth credentials logged via query params

Same package: apm
Back to Threat Feed