This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+13 more
Affected surfaces
ReleasePort's take
Moderate signalMeilisearch v1.43.1 patches an authenticated SSRF vulnerability in request handling. Operators should upgrade to eliminate this attack surface.
Why it matters: Upgrade to v1.43.1 to eliminate the authenticated SSRF vulnerability affecting request handling. Exploitation requires authentication; address to reduce attack surface.
Summary
AI summaryAuthenticated SSRF vulnerability fixed
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Authenticated SSRF vulnerability fixed in v1.43.1. Authenticated SSRF vulnerability fixed in v1.43.1. Source: llm_adapter@2026-05-21 Confidence: low |
— |
Full changelog
Meilisearch v1.43.1 contains a security fix for an authenticated SSRF vulnerability.
No exploitation was found on Meilisearch Cloud. Cloud users are not required to update.
We recommend that self-hosting users upgrade if they allow third parties to configure Meilisearch instances.
We thank Sion Park (@tldhs1144), who reported the issue and suggested a fix, for improving the security of Meilisearch ❤️
Security Fixes
- Authenticated SSRF vulnerability fixed
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About meilisearch
A lightning-fast search engine API bringing AI-powered hybrid search to your sites and applications.
Related context
Beta — feedback welcome: [email protected]