Nixpkgs security tracker

Untriaged

Permalink CVE-2026-6215

6.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 day, 2 hours ago

DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-357134 | DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery vdb-entrytechnical-description
VDB-357134 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #785836 | DbGate DbGate Premium 7.1.4 Server-Side Request Forgery third-party-advisory

Affected products

DbGate

==7.1.0
==7.1.3
==7.1.4
==7.1.2
==7.1.1

Matching in nixpkgs

pkgs.dbgate

Database manager for MySQL, PostgreSQL, SQL Server, MongoDB, SQLite and others

nixos-unstable 6.6.9
- nixpkgs-unstable 6.6.9
- nixos-unstable-small 6.6.9
nixos-25.11 6.6.9
- nixos-25.11-small 6.6.9
- nixpkgs-25.11-darwin 6.6.9

Package maintainers

@luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.dbgate

Package maintainers