Skip to main content

Inngest TypeScript SDK CVE-2026-42047

HIGH
Information Exposure (CWE-200)
2026-05-05 https://github.com/inngest/inngest-js GHSA-2jf5-6wwv-vhxx
8.6
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 05, 2026 - 19:00 vuln.today
Analysis Generated
May 05, 2026 - 19:00 vuln.today

DescriptionGitHub Advisory

Summary

A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve() HTTP handler.

The serve() handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS, or DELETE fall through to a generic handler that returns diagnostic information. A change introduced in v3.22.0 caused this diagnostic response to include the contents of process.env, exposing any secrets, API keys, or credentials present in the environment.

Who is affected

An application is vulnerable if all of the following are true:

  • It uses inngest SDK version >= 3.22.0, <= 3.53.1 (inclusive)
  • Its serve() endpoint is reachable via PATCH, OPTIONS, or DELETE requests.

Please check your framework's implementation for the serve handler (documentation) to asses whether it handles these HTTP methods. Common vulnerable configurations include:

  • Next.js Pages Router, which forwards all HTTP methods to the handler.
  • Express via app.use('/api/inngest', serve(...)), which routes PATCH and OPTIONS to the handler by default.

The following are not affected:

  • Next.js App Router handlers that explicitly export only GET, POST, and PUT.
  • Applications using the connect worker method.
  • SDK versions < 3.22.0 and >= 3.54.0, including all 4.x releases.

The vulnerability was responsibly disclosed by an Inngest user. At this time, there are no known reports of exploitation.

Remediation

  1. Upgrade to inngest@3.54.0 or later. The fix is backwards compatible with the 3.x release line. The 4.x line is also unaffected.
  2. Rotate any secrets that were presence in environment variables (process.env) within affected environments including Inngest signing keys and event keys
  3. Search logs for any requests to your serve endpoints using the PATCH, OPTIONS, DELETE http methods to assess if any environment variables may have been exposed.

Additional recommendations

Users on platforms with long-lived deployments (e.g. Vercel, Cloudflare Workers) should be aware that prior deployments remain reachable at their immutable URLs and may continue to expose the vulnerability even after a new deployment is promoted. For example, Vercel offers security features such as "Deployment Protection" and the ability to delete older deployments which can help immediately mitigate impact.

For additional security, users can also adjust firewall or proxy rules to only allow requests to their serve endpoint from Inngest IP addresses available here: http://inngest.com/ips-v4, http://inngest.com/ips-v6

Workarounds

If upgrading is not immediately possible, restrict the serve() endpoint at the framework or reverse-proxy layer to accept only GET, POST, and PUT. The Inngest serve() endpoint does not require any other HTTP methods.

Resources

  • Rotating Inngest keys: https://www.inngest.com/docs/platform/manage/rotating-keys
  • Inngest signing keys: https://www.inngest.com/docs/platform/signing-keys
  • Inngest event keys: https://www.inngest.com/docs/events/creating-an-event-key
  • Inngest security best practices: https://www.inngest.com/docs/learn/security

Credits

  • Ben Hylak - an independent security researcher, discovered and responsibly disclosed the vulnerability.

AnalysisAI

Environment variable disclosure via unhandled HTTP methods in Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate all process environment variables, including API keys, signing keys, and credentials. Vulnerable applications must expose the serve() endpoint to PATCH, OPTIONS, or DELETE methods - common in Next.js Pages Router and Express default configurations. The vulnerability was responsibly disclosed by independent researcher Ben Hylak with no known active exploitation at time of analysis. CVSS 8.6 reflects network-accessible unauthenticated attack with high confidentiality impact and scope change. Vendor-released patch available in version 3.54.0.

Technical ContextAI

The Inngest TypeScript SDK (npm package inngest) provides a serve() HTTP handler for serverless function orchestration. This handler implements application logic for GET, POST, and PUT methods. A code change in version 3.22.0 introduced a diagnostic fallback handler for unrecognized HTTP methods that inadvertently included process.env contents in the response body. This represents CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) - the application exposes internal state through error/diagnostic messages. The vulnerability exists in the Node.js runtime environment where process.env is a global object containing all environment variables accessible to the process, which commonly includes secrets in serverless and cloud-native deployments. The scope change (S:C) in the CVSS vector indicates that the vulnerable component (SDK) can expose resources beyond its own security scope - namely, credentials for other services stored in environment variables.

RemediationAI

Upgrade to inngest version 3.54.0 or later, which is backwards compatible with the 3.x release line and includes the fix for environment variable exposure (all 4.x versions are also unaffected). After upgrading, immediately rotate all secrets that were present in environment variables in affected deployments, specifically Inngest signing keys and event keys (rotation documentation at https://www.inngest.com/docs/platform/manage/rotating-keys). Review web server logs for PATCH, OPTIONS, or DELETE requests to serve() endpoints to determine if unauthorized access occurred. For platforms with immutable deployment URLs like Vercel or Cloudflare Workers, previous vulnerable deployments remain accessible even after new deployment - enable Vercel Deployment Protection (https://vercel.com/docs/deployment-protection#standard-protection) or delete older deployments (https://vercel.com/kb/guide/how-do-i-delete-an-individual-deployment) to fully remediate. If immediate upgrade is not possible, configure framework-level or reverse-proxy restrictions to accept only GET, POST, and PUT methods at the serve() endpoint path, or restrict access to Inngest IP ranges (http://inngest.com/ips-v4, http://inngest.com/ips-v6) via firewall rules. Note that method restriction workarounds require framework-specific configuration and may break functionality if other methods are legitimately needed elsewhere in the application.

Share

CVE-2026-42047 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy