How severe is CVE-2023-26438?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2023-26438?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2023-26438 - LOW Severity | CVSS 3.1

Vulnerability Description

External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known.

Related Vulnerabilities

CVE-2016-6001

LOW

CVSS:3.1(Low)

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.

CWE-9182016

CVE-2024-43379

LOW

CVSS:3.1(Low)

TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make...

CWE-9182024

CVE-2023-26442

LOW

CVSS:3.2(Low)

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the ca...

CWE-9182023

CVE-2020-14328

LOW

CVSS:3.3(Low)

A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal serv...

CWE-9182020

CVE-2025-29446

LOW

CVSS:3.3(Low)

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.

CWE-9182025

CVE-2025-47936

LOW

CVSS:3.3(Low)

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cro...

CWE-9182025