Skip to main content

Docker CVE-2026-35036

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-03 https://github.com/lin-snow/Ech0 GHSA-wc4h-2348-jc3p
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch released
Apr 03, 2026 - 08:30 nvd
Patch available
Analysis Generated
Apr 03, 2026 - 03:45 vuln.today
CVE Published
Apr 03, 2026 - 03:30 nvd
HIGH 7.5

DescriptionGitHub Advisory

Summary

Ech0 implements link preview (editor fetches a page title) through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts a fully attacker-controlled URL, performs a server-side GET, reads the entire response body into memory (io.ReadAll). There is no host allowlist, no SSRF filter, and InsecureSkipVerify: true on the outbound client.

Attacker outcome : Anyone who can reach the instance can force the Ech0 server to open HTTP/HTTPS URLs of their choice as seen from the server’s network position (Docker bridge, VPC, localhost from the process view). Go’s default http.Client follows redirects (unless disabled). Redirect chains can move the server-side request from an allowed-looking host to an internal target; the code does not disable this in SendRequest.

Affected Components

Ech0 codebase:

  • internal/handler/common/common.go

Handles the /api/website/title endpoint and accepts user-controlled URL input.

  • internal/service/common/common.go

Processes the request and invokes the outbound HTTP fetch (GetWebsiteTitle).

  • internal/util/http/http.go

Performs the HTTP request (SendRequest) with the following insecure configurations:

  • No URL validation or allowlist
  • Redirects enabled (default client behavior)
  • InsecureSkipVerify: true

PoC

Environment: Ech0 listening on http://127.0.0.1:6277 (e.g. Docker image sn0wl1n/ech0:latest). No cookies or Authorization header.

Step 1 - baseline: unauthenticated server-side fetch (public URL):

bash
curl.exe -sS -m 20 "http://127.0.0.1:6277/api/website/title?website_url=https://example.com"

Observed result (verified): HTTP 200, JSON with code: 1 and data Example Domain - proves the Ech0 process performed an outbound GET without any client auth.

Step 2 - impact: host-bound page + recorded leak (repo PoC file) Committed PoC page: poc_ssrf_proof.html

  1. From poc file directory, listen on 0.0.0.0 (port 9999):
bash
python -m http.server 9999 --bind 0.0.0.0
  1. Docker Desktop (Windows / macOS): Ech0 in Docker fetches the host via host.docker.internal:
bash
curl.exe -sS -m 20 "http://127.0.0.1:6277/api/website/title?website_url=http://host.docker.internal:9999/poc_ssrf_proof.html"

Recorded response (verified this workspace, Ech0 4.2.2 in Docker):

json
{"code":1,"msg":"获取网站标题成功","data":"ECH0_SSRF_POC_LEAK_2026"}

Python server log: GET /poc_ssrf_proof.html200 (proves the server/container pulled the page from your host).

Leak channel: the backend reads the full HTML body before parsing (see io.ReadAll in SendRequest).

Impact

  • Verified: Unauthenticated callers can make the Ech0 process issue server-side HTTP(S) requests to internal/reserved targets reachable from that process (PoC Step 2: host-reachable listener reflected in JSON).
  • Code-level: The full response is read into memory (io.ReadAll); only the title string is returned. Combined with default HTTP redirect following (standard http.Client behavior; not disabled here), the effective request graph is larger than a single URL.
  • TLS: InsecureSkipVerify: true means misissued or intercepted TLS to internal HTTPS services is still accepted from the server’s perspective.
  • Deployment-dependent: Where routing allows (typical cloud VMs), 169.254.169.254-class endpoints are in scope for the same code path; treat as **high*.
  • DOS(Denial of Service): reading the whole body into memory with io.ReadAll is a DoS vector if you point it at a massive file.

Remediation

  • Enforce SSRF-safe URL policy: allow only needed schemes/hosts; block link-local, metadata, and loopback unless explicitly required.
  • Remove InsecureSkipVerify; use normal TLS verification.
  • Limit redirects (disable or cap hops; re-validate each target).
  • Add response size / timeout limits; optionally restrict egress at the network layer.

AnalysisAI

Unauthenticated server-side request forgery in Ech0's link preview endpoint allows remote attackers to force the application server to perform HTTP/HTTPS requests to arbitrary internal and external targets. The /api/website/title route requires no authentication, performs no URL validation, follows redirects by default, and disables TLS certificate verification (InsecureSkipVerify: true). Attackers can probe internal networks, access cloud metadata services (169.254.169.254), and trigger denial-

Technical ContextAI

Ech0 is a Go-based application providing editor link preview functionality through server-side webpage title extraction. The vulnerability exists in the HTTP request handling chain spanning internal/handler/common/common.go (endpoint), internal/service/common/common.go (business logic), and internal/util/http/http.go (HTTP client). The implementation uses Go's standard http.Client with default configuration that permits unlimited HTTP redirects, combined with TLS verification bypass (InsecureSkipVerify: true) and complete response body buffering (io.ReadAll). This represents CWE-918 (Server-Side Request Forgery) where user-supplied URLs pass directly to net/http without validation against SSRF attack patterns. The CPE identifier pkg:go/github.com_lin-snow_ech0 indicates this affects the Go module dependency. Docker deployments are particularly vulnerable as containers can access host services via special DNS names (host.docker.internal) and cloud metadata endpoints (169.254.169.254) that expose AWS/Azure/GCP instance credentials and configuration data.

RemediationAI

Apply the vendor-released patch referenced in GitHub security advisory GHSA-wc4h-2348-jc3p available at https://github.com/lin-snow/Ech0/security/advisories/GHSA-wc4h-2348-jc3p. The patch should implement URL validation with allowlists for permitted schemes (http/https only) and hosts, block requests to RFC1918 private addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local addresses (169.254.0.0/16), and loopback interfaces (127.0.0.0/8, ::1). Remove InsecureSkipVerify: true from the HTTP client configuration in internal/util/http/http.go to restore proper TLS certificate validation. Disable or strictly limit HTTP redirects by setting http.Client.CheckRedirect to validate each redirect target against the same SSRF protection rules. Implement response size limits before io.ReadAll operations to prevent memory exhaustion attacks, with recommended maximum of 10MB for HTML title extraction. Add request timeouts (5-10 seconds suggested) to prevent resource exhaustion from slow-responding endpoints. As immediate mitigation, restrict network egress at the firewall or container network policy level to block access to metadata endpoints (169.254.169.254/32) and internal network ranges if link preview functionality must remain enabled before patching. Consider adding authentication requirements to the /api/website/title endpoint if business requirements permit.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Share

CVE-2026-35036 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy