Skip to main content

Playwright Capture CVE-2026-44439

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-06 https://github.com/Lookyloo/PlaywrightCapture GHSA-687h-xw6f-q2qw
6.6
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.6 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
CVSS changed
May 13, 2026 - 22:22 NVD
6.6 (MEDIUM)
Source Code Evidence Fetched
May 07, 2026 - 00:00 vuln.today
Analysis Generated
May 07, 2026 - 00:00 vuln.today
CVE Published
May 06, 2026 - 23:43 nvd
MEDIUM

DescriptionGitHub Advisory

Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on private, loopback, link-local, or otherwise non-public IP addresses. In deployments where PlaywrightCapture processes untrusted URLs, this could allow a remote attacker to perform server-side request forgery against internal services or attempt to access local files from the capture environment. Depending on what capture artifacts are generated and exposed, responses from those resources could potentially be leaked through screenshots, saved page content, logs, or other capture outputs. The patch mitigates the issue by introducing request routing checks that block secondary requests to local files, non-global IP addresses, and .local domains when only_global_lookup is enabled, while still allowing the originally requested capture URL.

AnalysisAI

Server-side request forgery in Playwright Capture before version 1.39.6 allows remote attackers to access local files and internal network resources through browser-side redirection mechanisms when processing untrusted URLs. An attacker-controlled page can abuse window.location.href and similar navigation primitives to redirect the capture process to file:// URLs or private IP addresses, potentially leaking responses through screenshots, saved content, or logs. The vulnerability is mitigated by request routing checks introduced in version 1.39.6 that block secondary requests to local files, non-global IP addresses, and .local domains.

Technical ContextAI

Playwright Capture is a Python-based web page capture tool built on the Playwright browser automation framework (CPE: pkg:pip/playwrightcapture). The vulnerability stems from insufficient validation of secondary navigations and resource requests initiated by rendered pages. Playwright's request interception and routing mechanisms do not by default restrict where rendered JavaScript code can redirect the browser. The vulnerability exploits CWE-918 (Server-Side Request Forgery), where attacker-controlled page content manipulates the capture environment into making unwanted requests. The patch implements route handlers that intercept all requests and validate IP addresses (using Python's ipaddress library), hostnames (using pyfaup for URL parsing), and request origins. The fix introduces an only_global_lookup parameter (default True) that enables filtering of file:// schemes and non-global IP addresses (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 169.254.0.0/16, etc.) while allowing the originally requested URL to proceed unimpeded.

RemediationAI

Upgrade Playwright Capture to version 1.39.6 or later, which includes request routing checks that block secondary requests to local files and non-public IP addresses. The patched version is available from the official PyPI repository and can be installed via pip install --upgrade playwrightcapture==1.39.6 or later. For deployments unable to upgrade immediately, explicitly set only_global_lookup=True when instantiating the Capture class (this is the default in 1.39.6+), and restrict the URLs submitted for capture to a whitelist of trusted domains. Additionally, review capture artifact handling: disable or restrict logging of HTTP responses and headers, limit access to screenshots and saved page content, and ensure capture outputs are not served to untrusted users without sanitization. If legacy versions must remain in place, implement network-level controls such as blocking outbound requests from the capture process to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8) and disable file:// protocol support at the system level via AppArmor or SELinux policies. These mitigations reduce but do not eliminate risk; upgrading is strongly recommended.

Share

CVE-2026-44439 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy