Project: 
Date: 
2026-June-24
Vulnerability: 
Server-side Request Forgery
Affected versions: 
<1.1.1 || >=1.2.0 <1.2.2
CVE IDs: 
CVE-2026-13233
Description: 

This module enables you to use OpenAI as a provider for the AI module.

The module doesn't sufficiently sanitize user-supplied URLs, leading to a Server-side request forgery (SSRF) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have the access to change the host url and a way to generate AI-generated images.

Solution: 

Install the latest version:

Coordinated By: