PulsePatch.io on Horizon: "Vulnerability in `soft-serve` allows SSRF via unvalidated LFS endpoint in repo i"

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

Vulnerability in `soft-serve` allows SSRF via unvalidated LFS endpoint in repo import (CVE-2026-30832). Potential internal network access. #SSRF #GitLFS #infosec pulsepatch.io/posts/cve-2026…

3:04 PM · Mar 23, 2026 · 43 Views