A vulnerability was found in xibosignage xibo-cms up to 4.4.0 . It has been rated as critical . Affected is an unknown function. This manipulation causes server-side request forgery. This vulnerability is tracked as CVE-2026-42141 . The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.