HIGH7.7CVE-2026-54493Koel: Authenticated Full-Read SSRF via Subsonic Internet Radio Stations from 0, < 9.7.0
HIGH7.7CVE-2026-47260Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs from 0, < 9.3.5
HIGH7.1CVE-2026-54491Koel: Incomplete fix for CVE-2026-47260 — systemic SSRF in podcast & radio fetch paths from 0, < 9.7.1
MEDIUM6.3Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail
from 0, < 9.7.1
MEDIUM4.3Koel: Authenticated Blind SSRF via Subsonic Podcast Channel Creation
from 0, < 9.7.0
—Koel: Full-read SSRF via podcast enclosure URL: isPublicHost() filter_var guard does not reject NAT64 (64:ff9b::/96) or 6to4 (2002::/16) IPv6-transition wrappers of internal IPv4
from 0, < 9.7.1
—Improper rate limiting in Koel
from 0, < 5.1.4