
zrok Python SDK CVE-2026-45568

CRITICAL
Path Traversal (CWE-22)
2026-05-19 https://github.com/openziti/zrok GHSA-jh67-hwqw-m5r7

Lifecycle Timeline

Source Code Evidence Fetched: May 19, 2026 - 16:00 (vuln.today)
Analysis Generated: May 19, 2026 - 16:00 (vuln.today)

Description (NVD)

Summary

Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response to Bob.

Details

The Python SDK proxy route accepts every path under the share:

```python
@app.route('/', defaults={'path': ''}, methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'])
@app.route('/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'])
def proxy(path):
    # ... the handler body builds and sends the outbound request (excerpt continues below)
```

It constructs the outbound URL with urljoin and then sends the request:

```python
import urllib.parse
import requests
from flask import request

# Excerpt from the ProxyShare handler: self.target is Alice's configured target URL,
# `path` is whatever the route captured from Bob's request.
url = urllib.parse.urljoin(self.target, path)
resp = requests.request(
    method=request.method,
    url=url,
    headers={key: value for (key, value) in request.headers
             if key.lower() not in HOP_BY_HOP_HEADERS},
    data=request.get_data(),
    cookies=request.cookies,
    allow_redirects=False,
    stream=True,
    verify=self.verify_ssl
)
```

When `path` is `http://127.0.0.1:19190/metadata`, `urljoin(self.target, path)` returns `http://127.0.0.1:19190/metadata`. The proxy sends the request to Bob's chosen URL rather than Alice's target.
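The following is an added illustration, not code from zrok or from the advisory: it reproduces the urljoin behaviour described above and places beside it a hardened resolver that only accepts request paths which still resolve to the configured target's scheme, host and base path. The target URL, the request paths and the function names (`resolve_proxy_url`, `is_path_allowed`) are constructed for the example.

```python
import urllib.parse

# Constructed stand-in for Alice's configured ProxyShare target (not a real host).
TARGET = "http://alice.example.internal/app/"


def vulnerable_join(target: str, path: str) -> str:
    """The join the advisory describes: urljoin treats an absolute URL in `path`
    as authoritative and discards the configured target's scheme and host."""
    return urllib.parse.urljoin(target, path)


def resolve_proxy_url(target: str, path: str) -> str:
    """Hardened join: resolve with urljoin, then require that the result is still
    on the target's scheme and host and still under the target's base path.
    Raises ValueError for anything that escapes the configured target."""
    base = urllib.parse.urlsplit(target)
    joined = urllib.parse.urljoin(target, path)
    result = urllib.parse.urlsplit(joined)
    # Catches absolute URLs ("http://host/..."), scheme-relative URLs ("//host/...")
    # and foreign-scheme strings that urljoin returns unchanged.
    if (result.scheme, result.netloc) != (base.scheme, base.netloc):
        raise ValueError(f"request path leaves the target origin: {path!r}")
    # Catches dot-segment climbs ("../..") and leading-slash paths that replace
    # the target's base path instead of extending it.
    if not result.path.startswith(base.path or "/"):
        raise ValueError(f"request path leaves the target base path: {path!r}")
    return joined


def is_path_allowed(target: str, path: str) -> bool:
    """Boolean wrapper around resolve_proxy_url, handy for logging and tests."""
    try:
        resolve_proxy_url(target, path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed request paths: one legitimate, the rest escaping the target.
    for p in ["api/v1/items?id=3", "http://127.0.0.1:19190/metadata",
              "//127.0.0.1:19190/metadata", "../../etc/passwd"]:
        verdict = "allowed" if is_path_allowed(TARGET, p) else "rejected"
        print(f"{p!r:36} urljoin -> {vulnerable_join(TARGET, p)}")
        print(f"{'':36} hardened -> {verdict}")
```

The post-join origin check is deliberately applied to the resolved URL rather than to the raw path, so it also covers forms urljoin normalises (upper-case schemes, mixed dot segments) that a prefix check on the input would miss.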

Analysis (AI)

Server-side request forgery in the zrok Python SDK's ProxyShare component (versions 0.4.47 through 1.1.11) allows remote unauthenticated users to redirect proxied requests to arbitrary hosts by submitting absolute URLs in the request path. Because the Flask handler combines user input with the configured target via urllib.parse.urljoin, an attacker (Bob) can replace the share owner's (Alice's) intended target with any host, including internal cloud metadata endpoints, and the response is returned to the attacker. …


Remediation (AI)

Within 24 hours: Inventory all zrok SDK deployments and identify ProxyShare usage across production environments. Within 7 days: Implement network segmentation isolating affected systems from metadata endpoints, enforce strict URL validation policies, and disable ProxyShare if not business-critical. …


CVE-2026-45568 vulnerability details – vuln.today
