CVE-2026-42193 – Plunk SNS Webhook
CVSS 9.1 (CRITICAL)
“If you trust every webhook, attackers can rewrite your entire workflow.”
This patch addresses a critical webhook forgery vulnerability in Plunk affecting versions prior to 0.9.0. The issue allows unauthenticated attackers to send forged Amazon SNS webhook requests because the application fails to verify signatures, certificates, or source authenticity. This enables attackers to manipulate email workflows, unsubscribe users, alter delivery metrics, and potentially exhaust service resources.
CVE-2026-42193 has a CVSS score of 9.1, which is Critical severity. The vulnerability can be exploited remotely without authentication and requires minimal effort. It has been resolved in version 0.9.0 by enforcing proper validation of SNS messages.
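What validating an SNS message involves, shown as an added example (not Plunk's code and not the 0.9.0 patch): check the topic, accept a signing certificate only from an AWS SNS host, rebuild the string-to-sign, and verify the RSA signature. The function names and the topic allow-list are this example's own, and it assumes the caller has already downloaded and cached the certificate from the accepted `SigningCertURL`.

```javascript
const crypto = require('node:crypto');

// Fields that form the SNS string-to-sign, in signing order, per message type.
const NOTIFY = ['Message', 'MessageId', 'Subject', 'Timestamp', 'TopicArn', 'Type'];
const CONFIRM = ['Message', 'MessageId', 'SubscribeURL', 'Timestamp', 'Token', 'TopicArn', 'Type'];
const SIGNED_FIELDS = new Map([['Notification', NOTIFY],
  ['SubscriptionConfirmation', CONFIRM], ['UnsubscribeConfirmation', CONFIRM]]);
const DIGESTS = new Map([['1', 'sha1'], ['2', 'sha256']]); // SignatureVersion -> digest

// Accept a certificate URL only if it is HTTPS on an AWS-owned SNS hostname.
function isTrustedCertUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { return false; }
  return u.protocol === 'https:' && u.port === '' && u.username === '' &&
    /^sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$/.test(u.hostname) &&
    u.pathname.endsWith('.pem');
}

// Build "Name\nValue\n" for each signed field; null if the message is malformed.
function stringToSign(msg) {
  const fields = SIGNED_FIELDS.get(msg.Type);
  if (!fields) return null;
  let out = '';
  for (const f of fields) {
    if (f === 'Subject' && msg.Subject == null) continue; // Subject is optional
    if (typeof msg[f] !== 'string') return null;
    out += `${f}\n${msg[f]}\n`;
  }
  return out;
}

// certPem: PEM certificate or public key fetched from msg.SigningCertURL (assumed
// done by the caller). allowedTopics: the TopicArns this webhook should receive.
function verifySnsMessage(msg, certPem, allowedTopics) {
  if (!msg || !allowedTopics.includes(msg.TopicArn)) return false;
  if (!isTrustedCertUrl(msg.SigningCertURL)) return false;
  const digest = DIGESTS.get(msg.SignatureVersion);
  const data = stringToSign(msg);
  if (!digest || data === null || typeof msg.Signature !== 'string') return false;
  try {
    const sig = Buffer.from(msg.Signature, 'base64');
    return crypto.verify(digest, Buffer.from(data, 'utf8'), certPem, sig);
  } catch { return false; } // unparsable key or signature: reject
}
```

A handler should call `verifySnsMessage` before acting on any field of the body and reject the request when it returns `false`.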
Key Details
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-347