A vulnerability, which was classified as critical , has been found in danpros HTMLy 3.1.1 . This affects the function get_feed of the file system/admin/admin.php of the component URL Handler . Performing a manipulation of the argument feed_url results in server-side request forgery. This vulnerability is identified as CVE-2026-57940 . The attack can be initiated remotely. There is not any exploit available.