What is the CVSS score of CVE-2026-25545?

CVE-2026-25545 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Astrojs Node are affected by CVE-2026-25545?

CVE-2026-25545 affects Astro web framework versions prior to 9.5.4 and impacts organizations using Server-Side Rendered pages with custom error handling.. A patch is available.

Is there a public PoC exploit available for CVE-2026-25545?

Yes, a public proof-of-concept exploit is available for CVE-2026-25545. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-25545?

Within 24 hours: Identify all systems running Astro framework and document current versions; enable enhanced logging on affected applications. Within 7 days: Apply vendor patch to upgrade all Astro instances to version 9.5.4 or later; conduct post-patch validation testing. Within 30 days: Perform security assessment of custom error pages; review error handling logs for signs of exploitation; conduct team training on secure error page configurations.

Astrojs Node CVE-2026-25545

HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-02-24 security-advisories@github.com

GHSA-qq67-mvv5-fw3g

SSRF Astrojs Node

8.6

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.6 HIGH

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 25, 2026 - 15:19 vuln.today

Public exploit code

Patch released

Feb 25, 2026 - 15:19 nvd

Patch available

CVE Published

Feb 24, 2026 - 01:16 nvd

HIGH 8.6

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 npm packages depend on @astrojs/node (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 9.5.4.

DescriptionGitHub Advisory

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (eg. 404.astro or 500.astro) are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the response body through the first request. An attacker who can access the application without Host: header validation (eg. through finding the origin IP behind a proxy, or just by default) can fetch their own server to redirect to any internal IP. With this they can fetch cloud metadata IPs and interact with services in the internal network or localhost. For this to be vulnerable, a common feature needs to be used, with direct access to the server (no proxies). Version 9.5.4 fixes the issue.

AnalysisAI

Astro web framework versions prior to 9.5.4 contain a server-side request forgery vulnerability in error page handling that allows unauthenticated remote attackers to bypass Host header validation and redirect requests to internal services or cloud metadata endpoints. By manipulating the Host header when accessing prerendered error pages, attackers can read response bodies from internal URLs, cloud metadata services, or localhost resources. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Modify Host header to attacker server

Delivery

Trigger error page rendering

Exploit

Server fetches attacker's endpoint

Execution

Attacker redirects to internal URL

Impact

Server returns internal response body

Access

Modify Host header to attacker server

Delivery

Trigger error page rendering

Exploit

Server fetches attacker's endpoint

Execution

Attacker redirects to internal URL

Impact

Server returns internal response body

Vulnerability AssessmentAI

Exploitation	Server-Side Rendered pages with prerendered custom error pages (404.astro, 500.astro) in Astro versions before 9.5.4. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.6 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this vulnerability to compromise the affected system.
Remediation	A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running Astro framework and document current versions; enable enhanced logging on affected applications. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-25545 vulnerability details – vuln.today

Back

Astrojs Node CVE-2026-25545

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

Blast Radius

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code