A vulnerability was found in sourcentis mercator up to 2025.05.18 . It has been declared as critical . This affects the function testProvider of the file /admin/config/parameters . Executing a manipulation can lead to server-side request forgery. This vulnerability is registered as CVE-2026-49345 . It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.