Skip to main content

requests-hardened CVE-2026-42175

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-05 https://github.com/saleor/requests-hardened GHSA-vh75-fwv3-pqrh
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 05, 2026 - 20:33 vuln.today
Analysis Generated
May 05, 2026 - 20:33 vuln.today

DescriptionGitHub Advisory

The SSRF protection in requests-hardened prior to version 1.2.1 fails to block IP addresses within the RFC 6598 Shared Address Space (100.64.0.0/10). An attacker who can supply arbitrary URLs to requests-hardened could exploit this gap to access internal services hosted within 100.64.0.0/10. This is for example relevant in environments such as AWS EKS where 100.64.0.0/10 is commonly used as the default pod CIDR.

The impact is environment-dependent, deployments that utilize the affected CIDR range for internal networking are exposed to SSRF bypass, while others may not be affected.

The issue is resolved in version 1.2.1 by extending the IP filtering logic to explicitly block the RFC 6598 range in addition to standard private addresses, as well as blocking all other reserved addresses (such as multicast) to prevent the re-occurrence of similar issues.

Version 1.2.1 is now blocking the following CIDRs:

  • 192.88.99.0/24 - 6to4 relay anycast
  • 100.64.0.0/10 - CG-NAT
  • 5f00::/16 - IPv6 Segment Routing
  • 64:ff9b::/96 - used for IPv6 & IPv4 translation (NAT64)
  • 2001:20::/28 - ORCHIDv2 (overlay identifiers)
  • 224.0.0.0/4 - multicast
  • ff00::/8 - multicast

Resources

  • https://github.com/python/cpython/issues/119812
  • https://github.com/saleor/requests-hardened/commit/b7403f88d3b3689e57435b75b51691a160aaeef5 - the fix itself
  • https://github.com/saleor/requests-hardened/commit/a266b3958bb142bca515b3c230fdea19fbda327c - follow up, adding additional support for outdated Python versions (3.11.9 and 3.10.11 instead of only 3.11.15 and 3.10.20)
  • https://github.com/saleor/requests-hardened/releases/tag/v1.2.1

AnalysisAI

Server-side request forgery in requests-hardened prior to 1.2.1 allows remote attackers to bypass SSRF protection and access internal services within RFC 6598 Shared Address Space (100.64.0.0/10) by supplying arbitrary URLs, particularly impacting AWS EKS deployments where this CIDR is the default pod network. The vulnerability has a CVSS score of 6.5 and is environment-dependent, affecting only deployments using the vulnerable IP range for internal networking. Vendor-released patch: version 1.2.1 extends IP filtering logic to block RFC 6598, 6to4 relay anycast, IPv6 reserved ranges, and multicast addresses.

Technical ContextAI

requests-hardened is a Python library (pkg:pip/requests-hardened) that wraps the requests HTTP library with SSRF protection by filtering outbound requests to internal IP ranges. The vulnerability stems from incomplete IP range validation in the ip_filter.py module (CWE-918: Server-Side Request Forgery). The SSRF protection mechanism should block requests to reserved, private, and link-local IP ranges to prevent attackers from pivoting through a trusted HTTP client to access internal infrastructure. Prior to version 1.2.1, the filtering logic failed to account for RFC 6598 Carrier-Grade NAT (CG-NAT) address space (100.64.0.0/10), which is commonly allocated in containerized environments like AWS EKS for pod-to-pod communication. The fix adds explicit blocking of seven additional CIDR ranges: 192.88.99.0/24, 100.64.0.0/10, 5f00::/16, 64:ff9b::/96, 2001:20::/28, 224.0.0.0/4, and ff00::/8, as well as backfilling support for outdated Python versions 3.10.11 and 3.11.9 that lack proper ipaddress module coverage.

RemediationAI

Vendor-released patch: upgrade requests-hardened to version 1.2.1 or later immediately. For Python 3.10 and 3.11 users, ensure the patched version is installed from https://github.com/saleor/requests-hardened/releases/tag/v1.2.1, which includes backports for Python 3.10.11 and 3.11.9 via commit a266b3958bb142bca515b3c230fdea19fbda327c. If immediate patching is not feasible, implement network-level controls by blocking outbound HTTP/HTTPS requests from application servers to the 100.64.0.0/10 range using firewall rules or network policies (in Kubernetes, use NetworkPolicy to deny traffic to 100.64.0.0/10). This mitigates the specific SSRF gap but does not address other reserved ranges now blocked in 1.2.1, and requires ongoing manual maintenance. Additionally, validate and sanitize all user-supplied URLs in the application layer before passing them to requests-hardened, restricting to allowlisted domains where feasible. This eliminates reliance on requests-hardened as the sole security boundary. See https://github.com/saleor/requests-hardened/security/advisories/GHSA-vh75-fwv3-pqrh for the full advisory.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-42175 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy