Skip to main content

compliance-trestle CVE-2026-46380

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-28 https://github.com/oscal-compass/compliance-trestle GHSA-w76h-q7c6-jpjp
6.7
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 28, 2026 - 18:51 vuln.today
Analysis Generated
May 28, 2026 - 18:51 vuln.today

DescriptionGitHub Advisory

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module.

Finding 1 (Critical): SSRF (CWE-918) The HTTPSFetcher._do_fetch() method passes a user-supplied URL directly to requests.get() without validation. This allows an attacker to perform Server-Side Request Forgery, targeting internal services or cloud metadata endpoints (e.g., 169.254.169.254).

Per rule 4.2.11 of the CVE CNA rules Finding 1 will be addressed in this advisory, while findings 2 & 3 will be addressed in separate advisories:

---

Multiple Path Traversal Vulnerabilities in Remote Fetching Subsystem

Finding 2 & 3 (High/Medium): Path Traversal (CWE-22) The caching logic for HTTPSFetcher and LocalFetcher fails to sanitize URI paths, allowing for arbitrary file reads via file:// or writing cached files outside the intended directory.

Impact: > These vulnerabilities can be chained to exfiltrate sensitive cloud credentials or compromise CI/CD environments.

Reproduction: > Please see the attached poc_ssrf_and_path_traversal.py and terminal_output.txt. 13 exploit vectors have been verified locally.

compliance-trestle_audit_2026-03-30.pdf poc_ssrf_and_path_traversal.py terminal_output.txt

AnalysisAI

Server-Side Request Forgery in compliance-trestle's HTTPSFetcher._do_fetch() allows a local low-privileged attacker to redirect outbound HTTP requests to internal services or cloud metadata endpoints such as 169.254.169.254 - enabling credential theft from AWS, GCP, or Azure instance metadata. Affected are all pip releases of compliance-trestle before 3.12.2 and versions 4.0.0 through 4.0.2. A public proof-of-concept (poc_ssrf_and_path_traversal.py) with 13 verified exploit vectors is attached to the GitHub Security Advisory GHSA-w76h-q7c6-jpjp; no public exploit identified at time of analysis as confirmed active exploitation (CISA KEV) and no EPSS score was provided in the input data.

Technical ContextAI

compliance-trestle (pkg:pip/compliance-trestle) is an OSCAL (Open Security Controls Assessment Language) automation framework used in compliance and CI/CD workflows. The vulnerable code resides in trestle/core/remote/cache.py, specifically in the HTTPSFetcher._do_fetch() method, which invokes Python's requests.get() with an unvalidated caller-supplied URL. CWE-918 (Server-Side Request Forgery) applies: the server-side process makes outbound HTTP requests to destinations the attacker controls, bypassing network controls that filter inbound traffic. The same module also contains path traversal flaws (CWE-22) in the HTTPSFetcher and LocalFetcher caching logic (tracked in separate CVEs per the advisory), which can be chained with this SSRF to read or write files outside the intended cache directory. The patched code introduces a two-tier SSRF defense: hard-blocking of loopback (127.0.0.0/8), link-local (169.254.0.0/16), and cloud metadata endpoints; and optional blocking of RFC 1918 private ranges via TRESTLE_BLOCK_PRIVATE_IPS=true.

RemediationAI

Upgrade compliance-trestle to version 4.0.3 (for 4.x users) or 3.12.2 (for 3.x users) - these are the vendor-confirmed fixed releases per GHSA-w76h-q7c6-jpjp. Patch commits are available at https://github.com/oscal-compass/compliance-trestle/commit/53de5e75332888ea54f5da41d4c7859bb1d608e1 and https://github.com/oscal-compass/compliance-trestle/commit/5c65c5926fe7ca908b9c1d281f904e7d97ba8310. For environments that cannot patch immediately, set the environment variable TRESTLE_BLOCK_PRIVATE_IPS=true to block RFC 1918 ranges in addition to the hard-blocked loopback and cloud metadata endpoints introduced in the fix. As a compensating control, restrict the network egress of the process running trestle so it cannot reach 169.254.169.254 or other metadata endpoints - most cloud providers support host-level firewall rules or IMDSv2 enforcement (AWS) that can block unauthenticated metadata access as a defense-in-depth measure, though this does not fix the underlying code flaw. Audit CI/CD pipeline configuration files for externally controlled URL inputs to trestle fetch operations.

Share

CVE-2026-46380 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy