Mallory
Severity: Unrated

SSRF in Pinpoint webhook registration endpoint

Identifiers: CVE-2026-57947, CWE-918

CVE-2026-57947 is a server-side request forgery vulnerability affecting Pinpoint through version 3.1.0. The flaw is in the webhook registration endpoint, where missing SSRF protections allow an authenticated user to register internal or otherwise unsafe callback URLs. By subsequently triggering alarm threshold breaches, an attacker can cause the Pinpoint server to issue outbound HTTP POST requests to attacker-chosen internal hosts or cloud metadata endpoints. This can expose internal network resources that are not directly reachable by the attacker and may allow interaction with sensitive internal services.


Analyst brief: impact, mitigation & remediation

Impact


Successful exploitation allows an authenticated attacker to use the Pinpoint server as an SSRF primitive to reach internal network resources and metadata services. Depending on the environment, this can result in unauthorized access to internal-only endpoints, exposure of sensitive metadata, interaction with trusted internal services, and potential downstream compromise of confidentiality, integrity, and availability of internal systems.

Mitigation


As interim mitigation, restrict who can register or modify webhooks, block the Pinpoint server from reaching internal-only hosts and cloud metadata endpoints via egress filtering, and segment critical internal services so the application server cannot access them unnecessarily. Apply rigorous URL validation for webhook targets and monitor for suspicious webhook registrations and unexpected outbound POST requests originating from Pinpoint.

Remediation


Upgrade Pinpoint to a version that includes SSRF protections for webhook registration, if a fixed release is available. The vulnerable behavior should be corrected by enforcing strict validation and allowlisting of webhook destinations, rejecting loopback, link-local, RFC 1918, and cloud metadata addresses, and preventing redirects to disallowed targets. Review the webhooks already registered and remove any that point at unsafe internal destinations.
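One way to implement the destination validation described above, as an added example in Python (not Pinpoint's own code, which is Java): the URL is parsed, optionally checked against a host allowlist, resolved, and every resolved address is rejected if it is loopback, link-local (which covers 169.254.169.254), RFC 1918, or otherwise non-global; the METADATA_HOSTS set, the resolver hook, and the sample hostnames are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Well-known cloud metadata hostnames to refuse outright (constructed list, an assumption).
METADATA_HOSTS = {"metadata.google.internal", "metadata", "instance-data"}


def system_resolve(host):
    """Resolve a hostname to every A/AAAA address via the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_disallowed_address(ip):
    """True for loopback, link-local (incl. 169.254.169.254), RFC 1918 / ULA and other non-global space."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    return (ip.is_loopback or ip.is_link_local or ip.is_private or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified or not ip.is_global)


def validate_webhook_url(url, allowed_hosts=None, resolve=system_resolve):
    """Return (allowed, reason, pinned_ips). The sender must connect only to pinned_ips
    (never re-resolve, to defeat DNS rebinding) and, with automatic redirects disabled,
    re-run this check on every Location header before following it."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL", set()
    if parts.scheme not in ("http", "https"):
        return False, "scheme must be http or https", set()
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed", set()
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "missing host", set()
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, "host not on the webhook allowlist", set()
    if host in METADATA_HOSTS:
        return False, "cloud metadata hostname", set()
    try:
        ips = {ipaddress.ip_address(host)}  # literal IP in the URL, no DNS needed
    except ValueError:
        try:
            ips = {ipaddress.ip_address(a) for a in resolve(host)}
        except (OSError, ValueError):
            ips = set()
    if not ips:
        return False, "hostname does not resolve", set()
    for ip in ips:
        if is_disallowed_address(ip):
            return False, f"resolves to disallowed address {ip}", set()
    return True, "ok", ips
```

Registration should store the validated URL, and the alarm sender should apply the same check again at send time, since the DNS answer may have changed in between.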
Exploits

No public exploit code observed for this vulnerability.
