CVE-2026-3163
CWE-918Published: February 25, 2026· Updated: Feb 25, 2026
Official Description
A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Technical Analysis
CVE-2026-3163 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
A successful exploit results in complete confidentiality breach (data exposure), with a CVSS base score of 7.5.
A proof-of-concept (PoC) exploit exists for CVE-2026-3163. While not yet confirmed in active campaigns, the availability of PoC code increases exploitation risk substantially.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
News & Research Mentioning CVE-2026-3163
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it was a duplicate of a vulnerability that had [xlite_meta score:50 src:The Hacker News xlite_fp:fb08919f9511ce57370c582ad040b6b21c321417564141ae2171cdafa979724d]
All References (5)
Quick Facts
Related CVEs (CWE-918)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-3163 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts