CVE-2026-10068 | Shibby Tomato 1.28 SUBSCRIBE Call usr/sbin/miniupnpd send server-side request forgery
ID: 755e1b1f-4480-5c1f-94e4-a6f6d6cf2fae
STIX ID: report--755e1b1f-4480-5c1f-94e4-a6f6d6cf2fae
Feed Name: VulDB Recent Entries
Threat Score
A critical unauthenticated server-side request forgery (SSRF) vulnerability (CVE-2026-10068) was disclosed in Shibby Tomato 1.28 affecting the SUBSCRIBE call handler's send function in miniupnpd; it is rated ~7.1 CVSS, remotely exploitable, no public exploit currently available, and the project is no longer supported (superseded by FreshTomato).
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.