CVE-2026-33182
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionGitHub Advisory
Impact
Users providing user generated input into the resolveEndpoint method on requests.
Patches
Upgrade to Saloon v4+
Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4
Description
When building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL (e.g. https://attacker.example.com/callback), the code used that URL as-is and ignored the base URL. The request-and any authentication headers, cookies, or tokens attached by the connector-was then sent to the attacker-controlled host. If the endpoint could be influenced by user input or configuration (e.g. redirect_uri, callback URL), this allowed server-side request forgery (SSRF) and/or credential leakage to a third-party host. The fix (in the next major version) is to reject absolute URLs in the endpoint: URLHelper::join() throws InvalidArgumentException when the endpoint is a valid absolute URL, unless explicitly allowed, requiring callers to opt-in to the functionality on a per-connector or per-request basis.
Credits
Saloon thanks @HuajiHD for finding the issue and recommending solutions and @JonPurvis for applying the fix.
AnalysisAI
Saloon versions prior to v4 contain a Server-Side Request Forgery (SSRF) vulnerability in the resolveEndpoint method that allows attackers to redirect authenticated requests to arbitrary hosts. When user-controlled input is passed as an endpoint parameter containing an absolute URL (e.g., https://attacker.example.com), Saloon ignores the connector's base URL and sends the request directly to the attacker-controlled destination, potentially leaking authentication headers, cookies, and tokens. This vulnerability affects the Saloon PHP HTTP client library (composer package saloonphp/saloon) and requires immediate upgrade to v4 or later to remediate.
Technical ContextAI
Saloon is a PHP HTTP client library that abstracts request building and connector management. The vulnerability exists in the URLHelper::join() method, which combines a connector's base URL with a request endpoint during request URL construction. The root cause is improper validation of endpoint URLs—the code failed to detect and reject absolute URLs in the endpoint parameter, instead treating them as valid override values. This is fundamentally a CWE-522 (Insufficiently Protected Credentials) issue compounded by improper input validation, as the library blindly forwards authentication context (headers, cookies, tokens) attached by the connector to any absolute URL provided in the endpoint, without validating that the URL belongs to the intended origin. The affected product is identified via CPE as pkg:composer/saloonphp/saloon, indicating all v3 and earlier releases are vulnerable.
RemediationAI
Upgrade Saloon to version v4 or later immediately. The vendor has provided a comprehensive upgrade guide at https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4. After upgrading, review all code paths where endpoint parameters are derived from user input, configuration files, or external sources (such as callback URIs, redirect URLs, or webhook targets), and ensure that absolute URLs are either sanitized, validated against an allowlist, or explicitly opt into the new per-request/per-connector allowlist mechanism introduced in v4. As a temporary mitigation before patching is possible, restrict network egress from the application to only known, trusted API hosts using a firewall or HTTP proxy with URL filtering, and monitor outbound connections for suspicious redirects to unexpected domains.
Same weakness CWE-522 – Insufficiently Protected Credentials
View allShare
External POC / Exploit Code
Leaving vuln.today