What is CVE-2026-49345?

CVE-2026-49345 is a vulnerability in Sourcentis Mercator, classified under Server-Side Request Forgery (SSRF). Published 2026-06-19.

Is CVE-2026-49345 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SSRF in Sourcentis Mercator

CVE-2026-49345

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in Mercator's CVE configuration panel (`/admin/config/paramet…

Vulnerability class: SSRF (Server-Side Request Forgery)

Affected products

Sourcentis Mercator — versions < 2025.05.19

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

Public proof-of-concept exploits

hadhub/CVE-2026-49345-Mercator-SSRF

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-49345?: CVE-2026-49345 is a vulnerability in Sourcentis Mercator, classified under Server-Side Request Forgery (SSRF). Published 2026-06-19.
Is CVE-2026-49345 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.