CVE-2026-25991

HIGH EPSS 20.1%
Published Feb 13, 2026 (4mo ago) · Modified Jun 17, 2026 (2w ago)
7.7 CVSS 3.1
High

Description

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL after following HTTP redirects, allowing any authenticated user (including standard users without administrative privileges) to force the server to connect to arbitrary internal or external resources. The vulnerability lies in cookbook/integration/cookmate.py, within the Cookmate integration class. This vulnerability can be leveraged to scan internal network ports, access cloud instance metadata (e.g., AWS/GCP Metadata Service), or disclose the server's real IP address. This vulnerability is fixed in 2.5.1.
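The description says validation happened only before the client followed redirects. An added example (not the page's or the Tandoor project's code) of the defensive pattern: follow redirects by hand and re-check every hop's resolved addresses against loopback, private and link-local ranges (the link-local block contains the cloud metadata endpoint). The deny list, the injected `opener` and `resolver` callables, and the sample hostnames are assumptions made for this illustration.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Ranges an import fetcher must never reach: RFC 1918, loopback, link-local
# (which contains the 169.254.169.254 cloud metadata endpoint), CGNAT and the
# IPv6 equivalents, including IPv4-mapped addresses. Constructed for this example.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "::ffff:0:0/96", "fc00::/7", "fe80::/10",
)]
MAX_REDIRECTS = 5


def default_resolver(host):
    """Return every A/AAAA address for host (tests inject a stub instead)."""
    return {info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)}


def check_target(url, resolver=default_resolver):
    """Raise ValueError unless url is http(s) and every resolved address is public."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported URL: {url}")
    for addr in resolver(parts.hostname):
        ip = ipaddress.ip_address(addr)
        if not ip.is_global or any(ip in net for net in BLOCKED_NETWORKS):
            raise ValueError(f"{parts.hostname} resolves to blocked address {addr}")
    return url


def fetch_validated(url, opener, resolver=default_resolver):
    """Follow redirects by hand and re-run check_target on every hop.

    opener(url) is a hypothetical transport that does NOT auto-follow redirects
    and returns (status, headers, body); in production that would be
    requests.get(url, allow_redirects=False). Checking only the first URL and
    letting the HTTP client follow redirects is the flaw the advisory describes.
    Returns (body, list of URLs visited).
    """
    hops = [url]
    for _ in range(MAX_REDIRECTS + 1):
        check_target(url, resolver)
        status, headers, body = opener(url)
        if status not in (301, 302, 303, 307, 308):
            return body, hops
        url = urljoin(url, headers["Location"])  # Location may be relative
        hops.append(url)
    raise ValueError("too many redirects")
```

Resolving the name here and letting the transport resolve it again leaves a DNS-rebinding window; a production fetcher should connect to the address it checked rather than re-resolve.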

CVSS Details

Base Score
7.7
Exploitability
3.1
Impact
4.0
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
20.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 1

Vendor          Product   Version Range
tandoorrecipes  *         <2.5.1

References 3

  • github.com https://github.com/TandoorRecipes/recipes/commit/fdf22c5e745740db1fec29d6b4bd3df5d340e6ab
    Patch
  • github.com https://github.com/TandoorRecipes/recipes/releases/tag/2.5.1
    Product, Release Notes
  • github.com https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-j6xg-85mh-qqf7
    Exploit, Mitigation, Vendor Advisory

Remediation

  • github.com https://github.com/TandoorRecipes/recipes/commit/fdf22c5e745740db1fec29d6b4bd3df5d340e6ab
    Patch