CVE-2026-10068
HIGH
NVD
CVSS Score
7.3
Severity
HIGH
Published
May 29, 2026
Vendor
unknown
Description
A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.