CVE-2026-33126

Medium CVSS: 5.0

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery (SSRF) attacks. An attacker can use the Frigate server to make HTTP requests to internal network resources, cloud metadata services, or perform port scanning. This issue has been patched in version 0.16.3.

Vendor

Frigate

Product

Frigate

CWE

CWE-918

Yayın Tarihi

2026-03-20 20:16:48

Güncelleme

2026-03-23 19:17:05

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Frigate MEDIUM Frigate 2026

Referanslar

https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3 https://github.com/blakeblackshear/frigate/security/advisories/GHSA-j6g3-3j3q-c2xv

Benzer Kayıtlar

Medium

CVE-2026-33469

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, an aut…

Medium

CVE-2026-33470

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-…

High

CVE-2026-33125

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and be…

High

CVE-2026-33124

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Versions prior to 0.17.0-…

Critical

CVE-2026-25643

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critic…