A malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported.
{ "cwe_ids": [ "CWE-841" ], "github_reviewed": true, "nvd_published_at": "2025-05-23T16:15:27Z", "github_reviewed_at": "2025-05-23T16:11:14Z", "severity": "LOW" }