SSRF in Danpros Htmly
CVE-2026-57940
HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly to file_get_contents() without any vali…
Vulnerability class: SSRF (Server-Side Request Forgery)
Affected products
- Danpros Htmly — versions 3.1.1