{"uuid": "e066720b-a9f8-4846-8c2d-c84eb55ce666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-7RX4-C5VX-G8W3", "type": "seen", "source": "https://gist.github.com/alon710/260608e1e5e80ae5e3b0acd83fc48ee1", "content": "# GHSA-7RX4-C5VX-G8W3: Server-Side Request Forgery Bypass in Karakeep Metadata Extraction Workers\n\n> **CVSS Score:** 8.6 (High)  \n> **Published:** 2026-05-14  \n> **Full Report:** https://cvereports.com/reports/GHSA-7RX4-C5VX-G8W3\n\n## Summary\nA high-severity Server-Side Request Forgery (SSRF) vulnerability exists in the Karakeep metadata extraction process in versions prior to 0.32.0. The flaw lets an attacker who controls a bookmarked page bypass the primary URL validation: favicon and logo references discovered in the page's metadata are fetched by the worker without that check, so they can point at internal network resources or cloud metadata services.\n\n## TL;DR\nKarakeep workers are vulnerable to SSRF via the metascraper-logo-favicon plugin, which autonomously probes the favicon/logo URLs it finds during HTML parsing, including URLs that point at internal network resources.\n\n## Exploit Status: PoC available\n\n## Technical Details\n\n- **CWE ID**: CWE-918 (Server-Side Request Forgery)\n- **Attack Vector**: Network\n- **CVSS**: 8.6 (High)\n- **Impact**: Information Disclosure / Internal Network Access\n- **Exploit Status**: PoC available\n- **Fixed Version**: v0.32.0\n\n## Affected Systems\n\n- Karakeep worker processes\n- metascraper-logo-favicon plugin\n- **Karakeep**: < 0.32.0 (fixed in `0.32.0`)\n\n## Mitigation\n\n- Upgrade Karakeep to v0.32.0 or later.\n- Implement strict network egress filtering on worker nodes to deny traffic to internal IP ranges (RFC 1918), loopback and link-local addresses, and cloud metadata endpoints (169.254.169.254). Egress filtering is defence in depth: it bounds what any SSRF in the worker can reach, whether or not the application-level URL check is bypassed.\n- Enforce IMDSv2 in AWS environments: IMDSv2 requires a session token obtained with a PUT request and a custom TTL header, which a GET-only SSRF such as a favicon fetch cannot issue.\n\n**Remediation Steps:**\n1. Verify the current running version of Karakeep worker processes.\n2. Pull the latest Docker image or source code for release v0.32.0.\n3. Redeploy the worker nodes with the updated version.\n4. Verify that egress traffic rules block unauthorized internal access from worker processes.\n\n## References\n\n- [GHSA-7RX4-C5VX-G8W3 Security Advisory](https://github.com/advisories/GHSA-7RX4-C5VX-G8W3)\n- [karakeep-app/karakeep PR #2763](https://github.com/karakeep-app/karakeep/pull/2763)\n- [Fix Commit 3dc321e7](https://github.com/karakeep-app/karakeep/commit/3dc321e7d49aa3a1a2493637fb2ee21616fe5fd9)\n- [Karakeep v0.32.0 Release](https://github.com/karakeep-app/karakeep/releases/tag/v0.32.0)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-7RX4-C5VX-G8W3) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-14T18:40:28.000000Z"}
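Added example, not code from Karakeep, metascraper or the CVEReports page: a Node.js sketch of the property the advisory's fix restores, namely that a favicon or logo URL derived from fetched HTML must pass the same SSRF guard as the user-supplied bookmark URL, instead of being fetched "autonomously" by the metadata plugin. The function names (`ssrfCheck`, `extractIconUrls`, `planMetadataFetches`), the blocked-range list and the sample HTML are assumptions constructed for this illustration; the `<link>` parsing is a deliberately small regex, not a real HTML parser.

```javascript
// Added example (not Karakeep's or metascraper's code). Every URL a metadata
// extractor derives from page content goes through the same SSRF guard as the
// URL the user submitted. Names below are assumptions for this illustration.

// CIDR blocks a worker should never reach from a URL found in page content.
const BLOCKED_V4 = [
  ["0.0.0.0", 8],      // "this" network
  ["10.0.0.0", 8],     // RFC 1918
  ["100.64.0.0", 10],  // CGNAT, used by some cloud-internal services
  ["127.0.0.0", 8],    // loopback
  ["169.254.0.0", 16], // link-local; includes 169.254.169.254 (cloud metadata)
  ["172.16.0.0", 12],  // RFC 1918
  ["192.168.0.0", 16], // RFC 1918
];

// Dotted-quad -> 32-bit unsigned number, or null if not a valid IPv4 literal.
// The WHATWG URL parser already normalises "2130706433" and "0x7f.1" to
// "127.0.0.1" in url.hostname, so dotted-quad is the only form seen here.
function ipv4ToInt(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  let n = 0;
  for (let i = 1; i <= 4; i++) {
    const octet = Number(m[i]);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

function inBlockedV4(ip) {
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0);
  });
}

// hostname as produced by new URL(...).hostname ("[::1]" for IPv6 literals).
function isBlockedHost(hostname) {
  if (hostname.startsWith("[")) {
    const v6 = hostname.slice(1, -1).toLowerCase();
    if (v6 === "::1" || v6 === "::") return true;       // loopback / unspecified
    if (/^fe[89ab][0-9a-f]:/.test(v6)) return true;      // link-local fe80::/10
    if (/^f[cd][0-9a-f]{2}:/.test(v6)) return true;      // unique local fc00::/7
    const mapped = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(v6);
    if (mapped) {                                        // IPv4-mapped ::ffff:a.b.c.d
      return inBlockedV4(parseInt(mapped[1], 16) * 65536 + parseInt(mapped[2], 16));
    }
    return false;
  }
  const v4 = ipv4ToInt(hostname);
  if (v4 !== null) return inBlockedV4(v4);
  // Only IP literals and a few well-known names are classified here; any other
  // hostname must have its resolved address checked again at connect time.
  return hostname === "localhost" || hostname.endsWith(".localhost") ||
         hostname === "metadata.google.internal";
}

// Returns null when the URL may be fetched, otherwise a reason string.
function ssrfCheck(urlString) {
  let url;
  try { url = new URL(urlString); } catch { return "unparseable URL"; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return `scheme ${url.protocol} not allowed`;
  if (isBlockedHost(url.hostname)) return `host ${url.hostname} is internal`;
  return null;
}

const ICON_RELS = new Set(["icon", "shortcut icon", "apple-touch-icon"]);

// Pulls favicon/logo hrefs from <link rel=...> tags and resolves them against
// the page URL, the way a favicon plugin derives its secondary requests.
function extractIconUrls(html, pageUrl) {
  const out = [];
  for (const tag of html.match(/<link\b[^>]*>/gi) || []) {
    const attr = (name) => {
      const m = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i").exec(tag);
      return m ? (m[1] ?? m[2] ?? m[3]) : null;
    };
    const rel = (attr("rel") || "").trim().toLowerCase().replace(/\s+/g, " ");
    const href = attr("href");
    if (!href || !ICON_RELS.has(rel)) continue;
    try { out.push(new URL(href, pageUrl).href); } catch { /* skip unresolvable href */ }
  }
  return out;
}

// The fix in one line: derived URLs are filtered by the same guard as the bookmark.
function planMetadataFetches(html, pageUrl) {
  const allowed = [], blocked = [];
  for (const url of extractIconUrls(html, pageUrl)) {
    const reason = ssrfCheck(url);
    if (reason) blocked.push({ url, reason }); else allowed.push(url);
  }
  return { allowed, blocked };
}

// Constructed sample page: one legitimate favicon and several hostile ones.
const SAMPLE_PAGE_URL = "https://example.com/article";
const SAMPLE_HTML = `<html><head>
<link rel="icon" href="/favicon.ico">
<link rel="shortcut icon" href="http://169.254.169.254/latest/meta-data/iam/security-credentials/">
<link rel="apple-touch-icon" href="http://2130706433:8080/admin">
<link rel="icon" href="http://[::1]/">
<link rel="icon" href="http://[::ffff:10.0.0.5]/">
<link rel="icon" href="file:///etc/passwd">
<link rel="stylesheet" href="http://192.168.1.1/style.css">
</head><body></body></html>`;

console.log(JSON.stringify(planMetadataFetches(SAMPLE_HTML, SAMPLE_PAGE_URL), null, 2));
```

Running it fetches nothing; it prints one allowed URL (`https://example.com/favicon.ico`) and five blocked entries with reasons, including the decimal-IP favicon rewritten to `http://127.0.0.1:8080/admin` by the URL parser before the range check. The guard classifies IP literals and a few well-known names only; a public hostname that resolves to an internal address, or that rebinds between check and connect, still needs the resolved address checked at connect time, which is why the advisory's egress filtering remains worthwhile after the upgrade.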