CNNVD-202601-2907 Information

Jan 17, 2026 cve

CNNVD ID

CNNVD-202601-2907

CVE-2026-1062

CNNVD Published: 2026-01-17

Description (Chinese)

TMS是weicheng个人开发者的一个基于频道模式的团队沟通协作 + 轻量级任务看板。 TMS 2.28.0及之前版本存在代码问题漏洞，该漏洞源于对文件src/main/java/com/lhjz/portal/util/HtmlUtil.java中函数Summary的参数url的错误操作，可能导致服务端请求伪造。

Description (English)

TMS is a channel-based team communication collaboration of the Weicheng personal developer + lightweight task board. TMS 2.28.0 and previous versions had a code problem loophole, which stemmed from an error in the url function Summary of the src/main/java/com/lhjz/portal/util/HtmlUtil.java, which could result in the forgery of service requests.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2026-01-17

Last Modified

2026-02-24

References

https://vuldb.com/?id.341630 https://vuldb.com/?ctiid.341630 https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/SSRF%EF%BC%881%EF%BC%89.md https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/SSRF%EF%BC%882%EF%BC%89.md https://vuldb.com/?submit.731242 https://vuldb.com/?submit.731241 https://access.redhat.com/security/cve/cve-2026-1062

Share on: