CVE-2026-3588 PUBLISHED

Server-Side Request Forgery (SSRF) in ikea dirigera

Assigner: Nozomi
Reserved: 05.03.2026 Published: 09.03.2026 Updated: 09.03.2026

A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.

Metrics

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
CVSS Score: 7.5

Product Status

Vendor ikea
Product dirigera
Versions Default: unaffected
  • affected from 0 to 2.866.4 (incl.)

Credits

  • Luca Borzacchiello at Nozomi Networks finder

References

Problem Types

  • CWE-918 Server-Side Request Forgery (SSRF) CWE

Impacts

  • CAPEC-664 Server Side Request Forgery