SSRF in Saloonphp Saloon

CVE-2026-33182

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absol…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (9.7th percentile) — read the EPSS interpretation.

Affected products

Saloonphp Saloon — versions < 4.0.0

Weakness classification (CWE)

References

https://github.com/saloonphp/saloon/security/advisories/GHSA-c83f-3xp6-hfcp (x_refsource_CONFIRM)
https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 (x_refsource_MISC)