Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Impact
Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF).
Patches
Fixes are available in Nautobot v2.4.33 and v3.1.2.
In support of this fix, three new settings variables have been added to Nautobot:
WEBHOOK_ALLOWED_SCHEMES- By default new or updatedWebhookrecords will be restricted to HTTP or HTTPS only, disallowing other schemes that may have been previously allowed. Administrators should audit existingWebhookrecords to identify any that are invalid, and either update/delete said records or customizeWEBHOOK_ALLOWED_SCHEMESas appropriate.WEBHOOK_ADDITIONAL_BLOCKED_NETWORKS- This can be used to specify additional IP networks that should be denied toWebhooksending, for example some deployments may wish to disallow RFC1918 addresses or even disallow all networks and carve out specific exemptions using the following setting.WEBHOOK_ALLOWED_HOSTS- This can be used to provide an allow-list of specific hosts that would otherwise be blocked by anyWEBHOOK_ADDITIONAL_BLOCKED_NETWORKSconfiguration.
Workarounds
Administrators should review which users have been granted add or change permissions for the Webhook data model, and should review currently defined Webhook records for safety and validity. Other than that, no specific workaround has been identified.
References
- 2.4.33 (<a href="https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4">patch</a>)
- 3.1.2 (<a href="https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08">patch</a>)
AnalysisAI
Server-side request forgery (SSRF) in Nautobot's Webhook feature allows authenticated users with add/change permissions on the Webhook data model to configure malicious webhook URLs targeting internal hosts, cloud metadata endpoints, or other restricted network resources. Affects all versions prior to 2.4.33 and 3.x versions prior to 3.1.2. The vulnerability allows bypassing intended network boundaries and accessing services that should not be reachable from the Nautobot server. Vendor-released patches available in v2.4.33 and v3.1.2 introduce URL scheme restrictions, IP network blocklists, and hostname allow-lists to prevent SSRF exploitation. No public exploit identified at time of analysis, but CVSS base score of 8.5 reflects significant impact with scope change allowing access to resources beyond the vulnerable component's security context.
Technical ContextAI
Nautobot is a Python-based network infrastructure automation platform distributed via PyPI (pip package manager). The vulnerability resides in the Webhook data model, which allows users to define HTTP callbacks triggered by system events. The flaw is classified as CWE-918 (Server-Side Request Forgery), where insufficient validation of user-supplied URLs permits the Nautobot server to make requests on behalf of an authenticated attacker. Classic SSRF vectors are possible including accessing cloud metadata services (169.254.169.254), internal services on loopback addresses, link-local networks, RFC1918 private ranges, and services using non-HTTP protocols (file://, ftp://, gopher://). The CVSS vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C indicates network-accessible exploitation requiring low-privilege authentication with changed scope, meaning successful exploitation can impact resources outside the Nautobot application's security boundary. The fix implements URL parsing with scheme validation, DNS resolution-time checks against blocklists, and configurable network filtering using three new settings: WEBHOOK_ALLOWED_SCHEMES (restricts to http/https by default), WEBHOOK_ADDITIONAL_BLOCKED_NETWORKS (admin-defined CIDR blocklist), and WEBHOOK_ALLOWED_HOSTS (carve-out exceptions for legitimate internal targets).
RemediationAI
Upgrade to Nautobot v2.4.33 (for 2.x deployments) or v3.1.2 (for 3.x deployments) immediately. Vendor-released patches available via pip upgrade: 'pip install --upgrade nautobot2.4.33' or 'nautobot3.1.2'. Commit-level patches available at https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4 (v2.4.33) and https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08 (v3.1.2). Post-upgrade actions required: (1) Audit all existing Webhook records for malicious or invalid URLs, particularly those using non-HTTP schemes or pointing to internal IP ranges. (2) Review and configure three new settings variables introduced in the patch: set WEBHOOK_ALLOWED_SCHEMES to restrict URL schemes (defaults to http/https only), configure WEBHOOK_ADDITIONAL_BLOCKED_NETWORKS to block RFC1918 ranges if internal webhooks are not needed (e.g., ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']), and define WEBHOOK_ALLOWED_HOSTS for legitimate internal targets requiring carve-out exceptions. Note that the deprecated nautobot-server webhook_receiver command has been removed in patched versions. If immediate patching is not possible, implement temporary compensating controls: (1) Restrict add/change permissions on the Webhook data model to fully-trusted administrators only using Django admin or Nautobot RBAC. (2) Review and delete any suspicious Webhook definitions, especially those with non-HTTP schemes or IP literals in private ranges. (3) Deploy network-level egress filtering to block Nautobot server access to metadata endpoints (169.254.169.254/32, fd00:ec2::254/128) and sensitive internal services. Trade-offs: restrictive egress rules may break legitimate webhook integrations to internal monitoring systems; validate before deploying broadly.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32974
GHSA-c35q-vxrp-ph26