Skip to main content

Karakeep CVE-2026-45082

| EUVD-2026-31826 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-26 GitHub_M
Docker SSRF Karakeep
7.6
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.6 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Jun 08, 2026 - 10:01 vuln.today
Patch available
May 26, 2026 - 16:02 EUVD
CVE Published
May 26, 2026 - 13:45 nvd
HIGH 7.6

DescriptionGitHub Advisory

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward internal/private network destinations, these protections could be bypassed through crafted HTTP redirect chains. By leveraging attacker-controlled redirects, an authenticated user could cause vulnerable application components to initiate requests toward internally reachable Docker network services accessible from the application environment. The issue affected multiple processing paths, including crawler-related functionality and video download processing flows. Version 0.32.0 contains a patch.

AnalysisAI

Server-side request forgery in Karakeep self-hosted bookmark manager versions prior to 0.32.0 allows authenticated users to bypass internal-network protections by chaining attacker-controlled HTTP redirects, reaching Docker-internal services from the crawler and video download flows. Publicly available exploit code exists per SSVC, though EPSS is low at 0.03% and the issue is not in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Register or use existing Karakeep account
Delivery
Submit bookmark URL pointing to attacker server
Exploit
Crawler/video worker fetches URL
Install
Attacker returns 302 to internal Docker service
C2
Worker dereferences redirect without re-validation
Execute
Internal service response stored in bookmark metadata
Impact
Attacker reads exfiltrated data via UI
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The attacker must hold a valid Karakeep account on the target instance (CVSS PR:L) and must be able to submit a URL into either the link crawler or the video download ingestion flow - both default-enabled paths. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and point to a real but bounded priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Karakeep user adds a bookmark pointing at https://attacker.example/redirect, where the attacker's server responds with a 302 to http://meilisearch:7700/indexes or http://172.17.0.1:9200/_cat/indices. The crawler or video downloader follows the redirect into the Docker bridge network, fetches the internal service's response, and stores fragments of it as scraped metadata that the attacker can read back through the normal bookmark UI. …
Remediation Vendor-released patch: upgrade to Karakeep 0.32.0 or later, which adds redirect-aware SSRF validation; release notes and details are at https://github.com/karakeep-app/karakeep/security/advisories/GHSA-g647-327m-79g9. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all Karakeep deployments and confirm which instances run versions prior to 0.32.0; publicly available exploit code exists, so closure should be treated with urgency. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-48039 CRITICAL POC
9.1 Jun 11

Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac
CVE-2026-53753 CRITICAL
9.8 Jun 16

Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in

CVE-2026-47172 CRITICAL
9.5 Jun 11

Privileged GitHub Actions workflow injection in Quest Bot (Discord moderation bot) prior to version 1.0.3 allows remote

CVE-2026-47174 CRITICAL
9.5 Jun 11

Production deployment compromise in Duck Site before 1.0.1 allows remote attackers to push attacker-controlled code as t
CVE-2026-53755 HIGH
8.6 Jun 16

Server-side request forgery in Crawl4AI's Docker API server (versions <= 0.8.8) allows unauthenticated remote attackers

Share

CVE-2026-45082 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy