Description

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites and files on the machine running FOG. This appears to be reachable without an authenticated web session when the request includes newService=1. The issue does not have a fixed release version at the time of publication.

INFO

Published Date :

2026-01-23T00:19:33.776Z

Last Modified :

2026-01-23T19:56:37.266Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-24138 vulnerability.

Vendors Products
Fogproject
  • Fogproject
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24138.

URL Resource
https://github.com/FOGProject/fogproject/security/advisories/GHSA-79xw-c2qx-g7xj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact