SSRF in Bubka 2fauth

CVE-2026-32133

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.001 (25.2th percentile) — read the EPSS interpretation.