Skip to main content

Helicone AI Gateway CVE-2026-15508

| EUVDEUVD-2026-43249 LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-12 VulDB GHSA-9fxj-mchq-843p
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.7 HIGH

Scope changes to subsequent AWS system (IAM via IMDS); confidentiality high if credentials exposed; PR:L per provided CVSS 4.0 vector.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 12, 2026 - 23:22 NVD
MEDIUM LOW
CVSS changed
Jul 12, 2026 - 23:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 12, 2026 - 23:16 vuln.today

DescriptionCVE.org

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build_target_url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extracted_path_and_query can lead to server-side request forgery. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Server-side request forgery in Helicone ai-gateway (up to 0.2.0-beta.30) allows a low-privileged remote attacker to manipulate the extracted_path_and_query argument within the build_target_url function of the AWS Metadata Service component, causing the gateway to issue unauthorized server-side HTTP requests to internal infrastructure. For deployments on AWS, this most critically targets the EC2 Instance Metadata Service (IMDS) at 169.254.169.254, potentially exposing IAM role credentials that carry blast radius far exceeding the assigned CVSS 5.3 score. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege API credentials
Delivery
Send crafted request with manipulated extracted_path_and_query
Exploit
build_target_url constructs IMDS-targeted URL
Execution
Gateway issues server-side HTTP request to 169.254.169.254
Persist
Retrieve IAM role credentials from metadata response
Impact
Authenticate to AWS services with stolen credentials

Vulnerability AssessmentAI

Exploitation Low-privilege authentication is required (PR:L per CVSS 4.0 vector) - an attacker must hold a valid account or API key on the Helicone ai-gateway instance. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 4.0 score of 5.3 materially underrepresents real-world risk for AWS-hosted deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged user with API access to the Helicone ai-gateway crafts a request that injects a path component targeting http://169.254.169.254/latest/meta-data/iam/security-credentials/ into the `extracted_path_and_query` argument processed by `build_target_url`. A public POC is available at the GitHub issue linked in references, lowering the skill threshold to near-zero. …
Remediation No vendor-released patch is identified at time of analysis - the vendor did not respond to the coordinated disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15508 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy