Skip to main content

@astrojs/netlify EUVDEUVD-2026-38334

| CVE-2026-54300 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-16 https://github.com/withastro/astro GHSA-529g-xq4f-cw38
5.3
CVSS 3.1 · Vendor: https://github.com/withastro/astro
Share

Severity by source

Vendor (https://github.com/withastro/astro) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
5.3 MEDIUM

Network-reachable CDN endpoint, no auth required to trigger; confidentiality limited to image-proxy disclosure; no integrity or availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/withastro/astro).

CVSS VectorVendor: https://github.com/withastro/astro

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 16, 2026 - 15:37 vuln.today
Analysis Generated
Jun 16, 2026 - 15:37 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on @astrojs/netlify (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 7.0.13.

DescriptionCVE.org

Summary

@astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro's canonical matcher. A single wildcard hostname such as *.example.com is converted to an optional subdomain regex, so the apex host matches. A single wildcard pathname such as /ok/* is converted without end anchoring, so deeper paths match by prefix.

Technical details

The Netlify adapter generates regex strings for Netlify Image CDN from image.remotePatterns. For *.example.com, it emits ([a-z0-9-]+\\.)?example\\.com, which makes the subdomain optional. Astro's canonical helper requires exactly one subdomain and rejects the apex host.

For /ok/*, the adapter emits a segment regex but does not anchor the end of the URL. Netlify's Image CDN implementation treats images.remote_images entries as JavaScript regular expressions and calls .test(sourceImageUrl.href), so a URL such as /ok/a/b.svg matches the /ok/a prefix even though Astro's helper rejects it.

The latest npm package @astrojs/netlify@7.0.10 contains this conversion logic, and a minimal Astro build writes the broadened patterns into .netlify/v1/config.json.

Reproduction

  1. Create an Astro app using astro@6.3.8 and @astrojs/netlify@7.0.10.
  2. Configure Netlify output and a restrictive image pattern, for example remotePatterns: [{ protocol: 'http', hostname: '*.localhost', pathname: '/ok/*' }].
  3. Build the app and observe that .netlify/v1/config.json contains http://([a-z0-9-]+\\.)?localhost(:[0-9]+)?(\\/ok/[^/?#]+)/?([?][^#]*)?.
  4. Serve a canary SVG on 127.0.0.1:9001.
  5. Request /.netlify/images?url=http%3A%2F%2Flocalhost%3A9001%2Fok%2Fa.svg&w=100. Astro's helper rejects the apex localhost for *.localhost, but Netlify Image CDN accepts it and fetches the canary.
  6. As a negative control, request /.netlify/images?url=http%3A%2F%2Flocalhost%3A9001%2Fnope%2Fa.svg&w=100. This returns 403 Forbidden: Remote image URL not allowed and does not hit the canary.
  7. Request /.netlify/images?url=http%3A%2F%2Flocalhost%3A9001%2Fok%2Fa%2Fb.svg&w=100. Astro's /ok/* helper rejects this deeper path, but Netlify Image CDN accepts it and fetches the canary.

Impact

Any Astro app deployed with @astrojs/netlify and a restrictive image.remotePatterns config can expose a wider image-fetch boundary than intended. Public requests to the Netlify Image CDN endpoint can fetch URLs that Astro's own matcher would reject, including apex hosts for *.host patterns and deeper paths for /path/* patterns. The practical impact depends on what the application intended to isolate behind the remote image allowlist, but it can disclose image-like resources from unintended hosts or paths behind the same configured remote origin family.

Remediation

Generate regexes that exactly match Astro's canonical matchHostname and matchPathname semantics, and anchor the full URL match before writing images.remote_images. In particular, *.example.com should require exactly one subdomain and should not match example.com, and /ok/* should match exactly one additional path segment and should not match /ok/a/b.

AnalysisAI

Regex translation in the @astrojs/netlify adapter broadens Astro's image.remotePatterns beyond the intended allowlist when building for Netlify deployment, enabling unauthorized image fetches from apex hosts and deeper URL paths. Versions of @astrojs/netlify prior to 7.0.13 (confirmed vulnerable at 7.0.10) generate Netlify Image CDN regex patterns that make wildcard subdomains optional and omit end-anchoring on pathname segments, causing the Netlify CDN to accept URLs that Astro's canonical matcher would reject. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify Astro/Netlify app with wildcard remotePatterns
Delivery
Inspect or infer configured origin family
Exploit
Craft image CDN request targeting apex host or deeper path
Execution
Send GET to /.netlify/images?url=<crafted>
Persist
Netlify CDN fetches from unintended host or path
Impact
Receive proxied image-like resource

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target application be built and deployed using @astrojs/netlify (versions below 7.0.13) as its Netlify adapter, AND that the application's Astro configuration include at least one `image.remotePatterns` entry using either a wildcard subdomain pattern (`*.hostname`) or a wildcard pathname segment (`/path/*`). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) accurately captures that unauthenticated network attackers can trigger the broadened image fetch once an application is built and deployed with the vulnerable adapter. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies an Astro application deployed on Netlify that uses `@astrojs/netlify@7.0.10` with a pattern such as `remotePatterns: [{ hostname: '*.internal-partner.com', pathname: '/public/*' }]`. The broadened regex allows the apex host `internal-partner.com` to also match, so the attacker sends a request to `/.netlify/images?url=https%3A%2F%2Finternal-partner.com%2Fpublic%2Fsecret-diagram.svg&w=100`, causing the Netlify Image CDN to proxy the resource even though Astro's matcher would have rejected the apex host. …
Remediation Upgrade @astrojs/netlify to version 7.0.13 or later, which corrects the regex generation logic to match Astro's canonical `matchHostname` and `matchPathname` semantics including required subdomain presence and full end-anchoring of pathnames. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2014-7205 CRITICAL POC
10.0 Oct 08

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2017-14849 HIGH POC
7.5 Sep 28

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc

CVE-2017-5941 CRITICAL POC
9.8 Feb 09

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner

CVE-2014-3744 HIGH POC
7.5 Oct 23

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi

CVE-2014-9566 HIGH POC
7.5 Mar 10

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin

CVE-2013-4660 MEDIUM POC
6.8 Jun 28

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic

CVE-2015-5688 MEDIUM POC
5.0 Sep 04

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2014-7192 CRITICAL POC
10.0 Dec 11

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat

CVE-2013-4450 MEDIUM POC
5.0 Oct 21

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se

Share

EUVD-2026-38334 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy