Skip to main content

Python CVE-2026-40072

| EUVDEUVD-2026-21000 LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-09 GitHub_M
1.7
CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
1.7 LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 09, 2026 - 18:15 euvd
EUVD-2026-21000
Analysis Generated
Apr 09, 2026 - 18:15 vuln.today
CVE Published
Apr 09, 2026 - 17:41 nvd
LOW 1.7

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 pypi packages depend on web3 (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 6.0.0b3.

DescriptionGitHub Advisory

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The implementation uses these contract-supplied URLs directly (after {sender} / {data} template substitution) without any destination validation. CCIP Read is enabled by default (global_ccip_read_enabled = True on all providers), meaning any application using web3.py's .call() method is exposed without explicit opt-in. This results in Server-Side Request Forgery (SSRF) when web3.py is used in backend services, indexers, APIs, or any environment that performs eth_call / .call() against untrusted or user-supplied contract addresses. A malicious contract can force the web3.py process to issue HTTP requests to arbitrary destinations, including internal network services and cloud metadata endpoints. This vulnerability is fixed in 7.15.0 and 8.0.0b2.

AnalysisAI

Server-Side Request Forgery in web3.py 6.0.0b3 through 7.14.x and 8.0.0b1 enables malicious smart contracts to force the library to issue HTTP requests to arbitrary destinations via CCIP Read (EIP-3668) URL templates without destination validation. The vulnerability affects all applications using web3.py's .call() method against untrusted contract addresses, as CCIP Read is enabled by default, allowing attackers to target internal network services and cloud metadata endpoints. The issue is remedied in versions 7.15.0 and 8.0.0b2.

Technical ContextAI

web3.py is a Python library for interacting with Ethereum blockchain nodes via JSON-RPC. It implements CCIP Read (Canonical Contract Interface Profile Read, defined in EIP-3668), which allows smart contracts to specify offchain data sources through the offchain_lookup_payload structure. When a contract invokes the offchain lookup mechanism, the library constructs HTTP requests using URLs supplied directly by the contract code after simple template substitution for {sender} and {data} placeholders. The root cause (CWE-918: Server-Side Request Forgery) stems from the absence of URL validation or destination allowlisting before these HTTP requests are dispatched. The vulnerability is particularly severe because CCIP Read is globally enabled by default (global_ccip_read_enabled = True) on all provider instances, meaning developers must explicitly disable the feature to protect their applications-rather than requiring explicit opt-in for the offchain lookup mechanism. The affected CPE range is ethereum:web3.py versions 6.0.0b3 through before 7.15.0, and 8.0.0b2 specifically.

RemediationAI

Upgrade web3.py to version 7.15.0 or later for the 7.x series, or 8.0.0b2 or later for the 8.x series. For immediate mitigation on older versions, disable CCIP Read globally by setting global_ccip_read_enabled = False on all provider instances, though this may impact functionality for legitimate offchain lookups. The upstream fix (commit b1c57bb0a124359c9902daaefab4d8af7c3c4c1e) validates destination URLs before issuing HTTP requests. Applications should review their web3.py dependencies and prioritize patching in backend services, indexers, and APIs that process calls to user-influenced or untrusted smart contracts. Additional hardening includes restricting outbound network access from web3.py processes via firewall rules or runtime policies to block requests to internal network ranges and cloud metadata endpoints (e.g., 169.254.169.254, 127.0.0.1). The official patch is available at https://github.com/ethereum/web3.py/security/advisories/GHSA-5hr4-253g-cpx2.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-40072 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy