Vulnerability DatabaseCVE-2026-42860
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-42860
Published:May 11, 2026
Updated:May 16, 2026
The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated user with the Enterprise Admin role can set this field to an arbitrary URL via the SAMLProviderConfigViewSet PATCH endpoint, then trigger a server-side HTTP request by calling sync_provider_data. The fetch in fetch_metadata_xml() passes the URL directly to requests.get() with no scheme enforcement, IP filtering, or timeout. This vulnerability is fixed in 7.0.5.
Affected Packages
https://github.com/openedx/edx-enterprise.git (GITHUB):
Affected version(s) >=7.0.2 <7.0.5
Fix Suggestion:
Update to version 7.0.5
edx-enterprise (PYTHON):
Affected version(s) >=7.0.2 <7.0.5
Fix Suggestion:
Update to version 7.0.5
Related Resources (3)
https://github.com/openedx/edx-enterprise
https://github.com/openedx/edx-enterprise/security/advisories/GHSA-64cv-vxpr-j6vc
https://nvd.nist.gov/vuln/detail/CVE-2026-42860
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.4
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Server-Side Request Forgery (SSRF)
CWE-918
EPSS
Base Score:
0.03