Playwright Capture CVE-2026-44439
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionGitHub Advisory
Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on private, loopback, link-local, or otherwise non-public IP addresses. In deployments where PlaywrightCapture processes untrusted URLs, this could allow a remote attacker to perform server-side request forgery against internal services or attempt to access local files from the capture environment. Depending on what capture artifacts are generated and exposed, responses from those resources could potentially be leaked through screenshots, saved page content, logs, or other capture outputs. The patch mitigates the issue by introducing request routing checks that block secondary requests to local files, non-global IP addresses, and .local domains when only_global_lookup is enabled, while still allowing the originally requested capture URL.
AnalysisAI
Server-side request forgery in Playwright Capture before version 1.39.6 allows remote attackers to access local files and internal network resources through browser-side redirection mechanisms when processing untrusted URLs. An attacker-controlled page can abuse window.location.href and similar navigation primitives to redirect the capture process to file:// URLs or private IP addresses, potentially leaking responses through screenshots, saved content, or logs. The vulnerability is mitigated by request routing checks introduced in version 1.39.6 that block secondary requests to local files, non-global IP addresses, and .local domains.
Technical ContextAI
Playwright Capture is a Python-based web page capture tool built on the Playwright browser automation framework (CPE: pkg:pip/playwrightcapture). The vulnerability stems from insufficient validation of secondary navigations and resource requests initiated by rendered pages. Playwright's request interception and routing mechanisms do not by default restrict where rendered JavaScript code can redirect the browser. The vulnerability exploits CWE-918 (Server-Side Request Forgery), where attacker-controlled page content manipulates the capture environment into making unwanted requests. The patch implements route handlers that intercept all requests and validate IP addresses (using Python's ipaddress library), hostnames (using pyfaup for URL parsing), and request origins. The fix introduces an only_global_lookup parameter (default True) that enables filtering of file:// schemes and non-global IP addresses (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 169.254.0.0/16, etc.) while allowing the originally requested URL to proceed unimpeded.
RemediationAI
Upgrade Playwright Capture to version 1.39.6 or later, which includes request routing checks that block secondary requests to local files and non-public IP addresses. The patched version is available from the official PyPI repository and can be installed via pip install --upgrade playwrightcapture==1.39.6 or later. For deployments unable to upgrade immediately, explicitly set only_global_lookup=True when instantiating the Capture class (this is the default in 1.39.6+), and restrict the URLs submitted for capture to a whitelist of trusted domains. Additionally, review capture artifact handling: disable or restrict logging of HTTP responses and headers, limit access to screenshots and saved page content, and ensure capture outputs are not served to untrusted users without sanitization. If legacy versions must remain in place, implement network-level controls such as blocking outbound requests from the capture process to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8) and disable file:// protocol support at the system level via AppArmor or SELinux policies. These mitigations reduce but do not eliminate risk; upgrading is strongly recommended.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-687h-xw6f-q2qw