GHSA-GJXX-92W9-8V8F
Vulnerability from github – Published: 2026-03-27 19:58 – Updated: 2026-04-06 16:44

Summary
The clerkFrontendApiProxy function in @clerk/backend is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can craft a request path that causes the proxy to send the application's Clerk-Secret-Key to an attacker-controlled server.
Affected packages
Only applications that have opted into the frontendApiProxy feature are affected. This feature is not enabled by default. Users of @clerk/nextjs are not affected due to how the framework handles repeated / in request paths.
| Package | Affected versions | Fixed version |
|---|---|---|
| @clerk/backend | >= 3.0.0, <= 3.2.2 | 3.2.3 |
| @clerk/express | >= 2.0.0, <= 2.0.6 | 2.0.7 |
| @clerk/hono | >= 0.1.0, <= 0.1.4 | 0.1.5 |
| @clerk/fastify | >= 3.1.0, <= 3.1.4 | 3.1.5 |
Search your codebase for the frontendApiProxy option. If none of the patterns below appear in your code, you are not affected.
@clerk/express
```ts
app.use(clerkMiddleware({ frontendApiProxy: { enabled: true } }));
```

@clerk/hono
```ts
app.use('*', clerkMiddleware({ frontendApiProxy: { enabled: true } }));
```

@clerk/fastify
```ts
fastify.register(clerkPlugin, { frontendApiProxy: { enabled: true } });
```

@clerk/backend
```ts
import { clerkFrontendApiProxy } from '@clerk/backend/proxy';
```

A quick way to check across your entire project:
```sh
grep -r "frontendApiProxy\|clerkFrontendApiProxy" .
```
If there are no matches, you are not using this feature.
Recommended actions
Clerk's internal logs show no evidence of users utilizing the built-in proxy with the impacted versions. Despite that, if you are on an impacted version and use the built-in proxy we recommend upgrading and rotating your Clerk Secret Key immediately.
1. Upgrade to the patched version of @clerk/backend (and @clerk/express, @clerk/hono, etc.).
2. Rotate your Clerk Secret Key after upgrading: if an attacker exploited this vulnerability, they may have captured your key. Rotate it in the Clerk Dashboard (https://dashboard.clerk.com) under API Keys. Deploy your application with the updated key before revoking the existing key.
3. Audit access logs for requests to your proxy endpoint (/__clerk/ by default) containing double slashes in the path.
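As an added example, not Clerk's code or part of the advisory: a small Node.js audit helper that applies step 3 to access-log lines. The `/__clerk/` prefix is the advisory's default mount path; the Common Log Format layout and the sample lines are constructed assumptions, and the percent-decoded check is a conservative choice of this example, not something the advisory states.

```javascript
// Added example (not Clerk's code): flag access-log entries matching the
// advisory's audit advice: requests under the proxy mount (/__clerk/ by
// default) whose path contains a double slash.
const PROXY_PREFIX = '/__clerk/'; // adjust if your proxy is mounted elsewhere

// Common Log Format: host ident authuser [date] "METHOD path HTTP/x" status bytes
const CLF_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /;

function parseLogLine(line) {
  const m = CLF_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

// Suspicious when the request targets the proxy mount and the path carries
// "//". The percent-decoded form is checked too so an encoded slash is not
// missed (a conservative choice in this example, not a claim from the advisory).
function isSuspiciousPath(path) {
  const pathOnly = path.split('?')[0];
  let decoded = pathOnly;
  try { decoded = decodeURIComponent(pathOnly); } catch { /* keep raw form */ }
  const normalized = decoded.replace(/\/{2,}/g, '/'); // collapse slashes to locate the mount
  const hasDoubleSlash = pathOnly.includes('//') || decoded.includes('//');
  return normalized.startsWith(PROXY_PREFIX) && hasDoubleSlash;
}

// Returns the entries worth manual review, with the fields an analyst needs.
function auditLogLines(lines) {
  return lines
    .map(parseLogLine)
    .filter(e => e && isSuspiciousPath(e.path))
    .map(e => ({ ip: e.ip, time: e.time, path: e.path, status: e.status }));
}

// Constructed sample log lines (RFC 5737 documentation addresses).
const SAMPLE_LOG = [
  '203.0.113.5 - - [27/Mar/2026:20:01:02 +0000] "GET /__clerk/v1/client HTTP/1.1" 200 512',
  '203.0.113.5 - - [27/Mar/2026:20:01:09 +0000] "GET /__clerk//v1/client HTTP/1.1" 200 87',
  '198.51.100.9 - - [27/Mar/2026:20:02:11 +0000] "GET /__clerk/v1%2F%2Fenvironment HTTP/1.1" 404 0',
  '198.51.100.9 - - [27/Mar/2026:20:03:00 +0000] "GET /api//users HTTP/1.1" 200 1024',
  'not a log line',
];

for (const hit of auditLogLines(SAMPLE_LOG)) console.log('REVIEW', hit);
```

Feed it the access log of the host that fronts the proxy; a hit only says the request shape matches the advisory's indicator, and each one still needs a manual look.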
Credit
Discovered during an internal code audit.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.2.2"
},
"package": {
"ecosystem": "npm",
"name": "@clerk/backend"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.6"
},
"package": {
"ecosystem": "npm",
"name": "@clerk/express"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.1.4"
},
"package": {
"ecosystem": "npm",
"name": "@clerk/hono"
},
"ranges": [
{
"events": [
{
"introduced": "0.1.0"
},
{
"fixed": "0.1.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.1.4"
},
"package": {
"ecosystem": "npm",
"name": "@clerk/fastify"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.1.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34076"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-27T19:58:19Z",
"nvd_published_at": "2026-04-01T18:16:29Z",
"severity": "HIGH"
},
"id": "GHSA-gjxx-92w9-8v8f",
"modified": "2026-04-06T16:44:03Z",
"published": "2026-03-27T19:58:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/clerk/javascript/security/advisories/GHSA-gjxx-92w9-8v8f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34076"
},
{
"type": "PACKAGE",
"url": "https://github.com/clerk/javascript"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host"
}