GHSA-2JF5-6WWV-VHXX
Vulnerability from github – Published: 2026-05-05 18:13 – Updated: 2026-05-11 13:29
Summary
A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve() HTTP handler.
The serve() handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS, or DELETE fall through to a generic handler that returns diagnostic information. A change introduced in v3.22.0 caused this diagnostic response to include the contents of process.env, exposing any secrets, API keys, or credentials present in the environment.
Who is affected
An application is vulnerable if all of the following are true:
- It uses `inngest` SDK version `>= 3.22.0, <= 3.53.1` (inclusive).
- Its `serve()` endpoint is reachable via `PATCH`, `OPTIONS`, or `DELETE` requests.
Please check your framework's implementation of the serve handler (documentation: https://www.inngest.com/docs/learn/serving-inngest-functions) to assess whether it handles these HTTP methods. Common vulnerable configurations include:
- Next.js Pages Router, which forwards all HTTP methods to the handler.
- Express via `app.use('/api/inngest', serve(...))`, which routes `PATCH` and `OPTIONS` to the handler by default.
The following are not affected:
- Next.js App Router handlers that explicitly export only `GET`, `POST`, and `PUT`.
- Applications using the `connect` worker method.
- SDK versions `< 3.22.0` and `>= 3.54.0`, including all `4.x` releases.
The vulnerability was responsibly disclosed by an Inngest user. At this time, there are no known reports of exploitation.
Remediation
1. Upgrade to `inngest@3.54.0` or later. The fix is backwards compatible with the `3.x` release line. The `4.x` line is also unaffected.
2. Rotate any secrets that were present in environment variables (`process.env`) within affected environments, including Inngest signing keys and event keys.
3. Search logs for any requests to your `serve` endpoints using the `PATCH`, `OPTIONS`, or `DELETE` HTTP methods to assess whether any environment variables may have been exposed.
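Remediation step 3 in practice, as an added example that is not part of the advisory or the Inngest SDK: a small JavaScript triage script over constructed Common Log Format lines that flags PATCH, OPTIONS, and DELETE requests to a serve endpoint. The `/api/inngest` mount path is an assumption taken from the Express configuration described above; adjust it to your deployment.

```javascript
// Added example (not Inngest's code): scan access-log lines for requests that
// reached an Inngest serve endpoint with one of the methods the SDK's fallback
// handler answers in affected versions (PATCH, OPTIONS, DELETE).
// The log lines below are constructed samples in Common Log Format and the
// "/api/inngest" path is an assumed default mount point.
const SUSPECT_METHODS = new Set(["PATCH", "OPTIONS", "DELETE"]);

// Matches: client ident user [timestamp] "METHOD /path HTTP/x" status ...
const CLF_LINE = /^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3})/;

function parseLogLine(line) {
  const m = CLF_LINE.exec(line);
  if (!m) return null; // not CLF; skip rather than guess
  return { client: m[1], time: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

// Returns every request to servePath whose method is in SUSPECT_METHODS.
// A 2xx status on such a request means the fallback handler produced a
// response, which in affected versions is the diagnostic body the advisory
// describes; a 404/405 means the framework or proxy never let it through.
function findServeProbes(lines, servePath = "/api/inngest") {
  const hits = [];
  for (const line of lines) {
    const req = parseLogLine(line);
    if (!req) continue;
    const path = req.path.split("?")[0]; // drop the query string before comparing
    if (path === servePath && SUSPECT_METHODS.has(req.method)) {
      hits.push(req);
    }
  }
  return hits;
}

// Constructed sample log (TEST-NET addresses, invented timestamps).
const SAMPLE_LOG = [
  '203.0.113.7 - - [06/May/2026:10:01:02 +0000] "POST /api/inngest?fnId=x HTTP/1.1" 200 512',
  '203.0.113.7 - - [06/May/2026:10:01:05 +0000] "PATCH /api/inngest HTTP/1.1" 200 4096',
  '198.51.100.4 - - [06/May/2026:10:02:11 +0000] "OPTIONS /api/inngest HTTP/1.1" 200 4099',
  '198.51.100.4 - - [06/May/2026:10:02:12 +0000] "DELETE /api/other HTTP/1.1" 404 12',
  '192.0.2.9 - - [06/May/2026:10:03:00 +0000] "GET /api/inngest HTTP/1.1" 200 230',
];

// Condensed view for an incident ticket: how many probes, from which clients.
function summarize(lines, servePath = "/api/inngest") {
  const hits = findServeProbes(lines, servePath);
  return { count: hits.length, clients: [...new Set(hits.map((h) => h.client))] };
}
```

Any hit with a 2xx status is a reason to treat every secret in that process's environment as exposed and proceed with step 2.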
Additional recommendations
Users on platforms with long-lived deployments (e.g. Vercel, Cloudflare Workers) should be aware that prior deployments remain reachable at their immutable URLs and may continue to expose the vulnerability even after a new deployment is promoted. For example, Vercel offers security features such as "Deployment Protection" (https://vercel.com/docs/deployment-protection#standard-protection) and the ability to delete older deployments (https://vercel.com/kb/guide/how-do-i-delete-an-individual-deployment), which can help immediately mitigate impact.
For additional security, users can also adjust firewall or proxy rules to allow requests to their `serve` endpoint only from the Inngest IP addresses published here: http://inngest.com/ips-v4, http://inngest.com/ips-v6
Workarounds
If upgrading is not immediately possible, restrict the serve() endpoint at the framework or reverse-proxy layer to accept only GET, POST, and PUT. The Inngest serve() endpoint does not require any other HTTP methods.
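The framework-layer workaround above, as an added example that is not Inngest's code: an Express-style middleware that answers every method other than GET, POST, and PUT with 405 before the request can reach serve(). The `(req, res, next)` middleware signature and the `/api/inngest` mount path are assumptions; a stand-in req/res pair is included so the guard can be exercised without a server.

```javascript
// Added example (not Inngest's code): an Express-style middleware that rejects
// every HTTP method except the ones the Inngest serve() endpoint needs, so that
// PATCH, OPTIONS and DELETE never reach the SDK's fallback handler.
// Assumes the Express (req, res, next) middleware contract.
const SERVE_METHODS = ["GET", "POST", "PUT"];

function allowOnlyMethods(allowed = SERVE_METHODS) {
  const allow = allowed.map((m) => m.toUpperCase());
  return function methodGuard(req, res, next) {
    const method = String(req.method || "").toUpperCase();
    if (allow.includes(method)) {
      return next(); // hand the request on to serve()
    }
    // RFC 9110: a 405 must carry an Allow header listing the supported methods.
    res.setHeader("Allow", allow.join(", "));
    res.statusCode = 405;
    res.end("Method Not Allowed");
  };
}

// Minimal req/res stand-ins so the guard can be exercised without a server.
// Returns what a caller would observe: whether next() ran, and otherwise the
// status, Allow header and body that were sent.
function simulate(method, allowed) {
  const guard = allowOnlyMethods(allowed);
  const headers = {};
  let body = null;
  let passed = false;
  const res = {
    statusCode: 200,
    setHeader: (name, value) => { headers[name] = value; },
    end: (chunk) => { body = chunk; },
  };
  guard({ method }, res, () => { passed = true; });
  return {
    passed,
    status: passed ? null : res.statusCode,
    allow: headers.Allow ?? null,
    body,
  };
}

// Mounting it in Express (assumed wiring, not executed here):
//   app.use("/api/inngest", allowOnlyMethods(), serve({ client, functions }));
```

Because the endpoint is called by Inngest's servers rather than by browsers, blocking OPTIONS here does not break any CORS preflight the SDK relies on. Put the guard on the same path and before serve() so the method check runs regardless of how the framework dispatches methods.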
Resources
- Rotating Inngest keys: https://www.inngest.com/docs/platform/manage/rotating-keys
- Inngest signing keys: https://www.inngest.com/docs/platform/signing-keys
- Inngest event keys: https://www.inngest.com/docs/events/creating-an-event-key
- Inngest security best practices: https://www.inngest.com/docs/learn/security
Credits
- Ben Hylak, an independent security researcher, discovered and responsibly disclosed the vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "inngest"
},
"ranges": [
{
"events": [
{
"introduced": "3.22.0"
},
{
"fixed": "3.54.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42047"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-497"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T18:13:52Z",
"nvd_published_at": "2026-05-07T21:16:29Z",
"severity": "HIGH"
},
"details": "# Summary\n\nA vulnerability in the Inngest TypeScript SDK versions `3.22.0` through `3.53.1` allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the `serve()` HTTP handler.\n\nThe `serve()` handler implements `GET`, `POST`, and `PUT` methods. Requests using `PATCH`, `OPTIONS`, or `DELETE` fall through to a generic handler that returns diagnostic information. A change introduced in `v3.22.0` caused this diagnostic response to include the contents of `process.env`, exposing any secrets, API keys, or credentials present in the environment.\n\n# Who is affected\n\nAn application is vulnerable if **all** of the following are true:\n\n- It uses `inngest` SDK version `\u003e= 3.22.0, \u003c= 3.53.1` (inclusive)\n- Its `serve()` endpoint is reachable via `PATCH`, `OPTIONS`, or `DELETE` requests.\n\nPlease check your framework\u0027s implementation for the serve handler ([documentation](https://www.inngest.com/docs/learn/serving-inngest-functions)) to asses whether it handles these HTTP methods. Common vulnerable configurations include:\n\n- Next.js Pages Router, which forwards all HTTP methods to the handler.\n- Express via `app.use(\u0027/api/inngest\u0027, serve(...))`, which routes `PATCH` and `OPTIONS` to the handler by default.\n\nThe following are **not** affected:\n\n- Next.js App Router handlers that explicitly export only `GET`, `POST`, and `PUT`.\n- Applications using the `connect` worker method.\n- SDK versions `\u003c 3.22.0` and `\u003e= 3.54.0`, including all `4.x` releases.\n\nThe vulnerability was responsibly disclosed by an Inngest user. At this time, there are no known reports of exploitation.\n\n# Remediation\n\n1. Upgrade to `inngest@3.54.0` or later. The fix is backwards compatible with the `3.x` release line. The `4.x` line is also unaffected.\n2. Rotate any secrets that were presence in environment variables (`process.env`) within affected environments including Inngest signing keys and event keys\n3. Search logs for any requests to your `serve` endpoints using the `PATCH`, `OPTIONS`, `DELETE` http methods to assess if any environment variables may have been exposed.\n\n## Additional recommendations\n\nUsers on platforms with long-lived deployments (e.g. Vercel, Cloudflare Workers) should be aware that prior deployments remain reachable at their immutable URLs and may continue to expose the vulnerability even after a new deployment is promoted. For example, Vercel offers security features such as \"[Deployment Protection](https://vercel.com/docs/deployment-protection#standard-protection)\" and [the ability to delete older deployments](https://vercel.com/kb/guide/how-do-i-delete-an-individual-deployment) which can help immediately mitigate impact.\n\nFor additional security, users can also adjust firewall or proxy rules to only allow requests to their `serve` endpoint from Inngest IP addresses available here: http://inngest.com/ips-v4, http://inngest.com/ips-v6\n\n### Workarounds\n\nIf upgrading is not immediately possible, restrict the `serve()` endpoint at the framework or reverse-proxy layer to accept only `GET`, `POST`, and `PUT`. The Inngest `serve()` endpoint does not require any other HTTP methods.\n\n### Resources\n\n- Rotating Inngest keys: https://www.inngest.com/docs/platform/manage/rotating-keys\n- Inngest signing keys: https://www.inngest.com/docs/platform/signing-keys\n- Inngest event keys: https://www.inngest.com/docs/events/creating-an-event-key\n- Inngest security best practices: https://www.inngest.com/docs/learn/security\n\n### Credits\n\n- Ben Hylak - an independent security researcher, discovered and responsibly disclosed the vulnerability.",
"id": "GHSA-2jf5-6wwv-vhxx",
"modified": "2026-05-11T13:29:55Z",
"published": "2026-05-05T18:13:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/inngest/inngest-js/security/advisories/GHSA-2jf5-6wwv-vhxx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42047"
},
{
"type": "PACKAGE",
"url": "https://github.com/inngest/inngest-js"
},
{
"type": "WEB",
"url": "https://github.com/inngest/inngest-js/releases/tag/inngest%403.54.1"
},
{
"type": "WEB",
"url": "https://vercel.com/docs/deployment-protection#standard-protection"
},
{
"type": "WEB",
"url": "https://vercel.com/kb/guide/how-do-i-delete-an-individual-deployment"
},
{
"type": "WEB",
"url": "https://www.inngest.com/docs/events/creating-an-event-key"
},
{
"type": "WEB",
"url": "https://www.inngest.com/docs/learn/security"
},
{
"type": "WEB",
"url": "https://www.inngest.com/docs/learn/serving-inngest-functions"
},
{
"type": "WEB",
"url": "https://www.inngest.com/docs/platform/manage/rotating-keys"
},
{
"type": "WEB",
"url": "https://www.inngest.com/docs/platform/signing-keys"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods"
}