{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T15:38:37.455","vulnerabilities":[{"cve":{"id":"CVE-2026-32096","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T20:16:18.090","lastModified":"2026-06-17T10:35:07.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to any host accessible from the server. This vulnerability is fixed in 0.7.0."},{"lang":"es","value":"Plunk es una plataforma de correo electrónico de código abierto construida sobre AWS SES. Antes de la 0.7.0, existía una vulnerabilidad de falsificación de petición del lado del servidor (SSRF) en el gestor de webhook de SNS. Un atacante no autenticado podría enviar una petición manipulada que causaba que el servidor realizara una petición HTTP GET saliente arbitraria a cualquier host accesible desde el servidor. Esta vulnerabilidad está corregida en la 0.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"useplunk","product":"plunk","versions":[{"version":"< 0.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-12T20:00:03.818784Z","id":"CVE-2026-32096","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:useplunk:plunk:*:*:*:*:*:*:*:*","versionEndExcluding":"0.7.0","matchCriteriaId":"103B88DE-209C-4C17-A84C-D22222453E81"}]}]}],"references":[{"url":"https://github.com/useplunk/plunk/commit/b8f1ad9ab53c78f8ef063fdc125f397c8bfc7652","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/useplunk/plunk/security/advisories/GHSA-xpqg-p8mp-7g44","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}