A vulnerability was found in karakeep-app karakeep up to 0.31.x . It has been declared as critical . The impacted element is an unknown function of the component HTTP Handler . The manipulation results in server-side request forgery. This vulnerability was named CVE-2026-45082 . The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.