What is CVE-2026-44797?

CVE-2026-44797 is a high-severity vulnerability in Nautobot, classified under Server-Side Request Forgery (SSRF). CVSS score: 8.5/10. Published 2026-05-28.

How severe is CVE-2026-44797?

High severity. CVSS v3 base score is 8.5 out of 10.

SSRF in Nautobot

CVE-2026-44797

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various h…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (11.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N.

Affected products

Nautobot — versions >= 3.0.0a2, < 3.1.2, < 2.4.33
Networktocode Nautobot

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

security-advisories@github.com (x_refsource_CONFIRM, Patch, Mitigation, Vendor Advisory)
security-advisories@github.com (Patch, x_refsource_MISC)
security-advisories@github.com (Patch, x_refsource_MISC)
security-advisories@github.com (Product, x_refsource_MISC, Release Notes)
security-advisories@github.com (Product, x_refsource_MISC, Release Notes)

Frequently asked questions

What is CVE-2026-44797?: CVE-2026-44797 is a high-severity vulnerability in Nautobot, classified under Server-Side Request Forgery (SSRF). CVSS score: 8.5/10. Published 2026-05-28.
How severe is CVE-2026-44797?: High severity. CVSS v3 base score is 8.5 out of 10.