Xenforo 2.3.8 is vulnerable to SSRF. Attackers that have administrator privileges or are able to add/save RSS feeds can enumerate internal services (ports) or expose the original IP address of the server.
https://github.com/dennywise/CVE-2026-51833-Public-Disclosure/blob/main/CVE-2026-51833.md