Skip to main content

Whisperx Fastapi

1 CVEs product

Monthly

CVE-2026-34981 MEDIUM PATCH This Month

Server-side request forgery (SSRF) in whisperX-FastAPI versions 0.3.1 through 0.5.0 allows unauthenticated remote attackers to make arbitrary HTTP requests to internal URLs by exploiting inadequate URL validation in the FileService.download_from_url() function. An attacker can bypass the post-request file extension check by appending .mp3 to any URL supplied to the /speech-to-text-url endpoint, enabling reconnaissance of internal services and potential information disclosure. The vulnerability carries moderate severity (CVSS 5.8) with confirmed patch availability in version 0.6.0.

SSRF Whisperx Fastapi
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.0%
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Server-side request forgery (SSRF) in whisperX-FastAPI versions 0.3.1 through 0.5.0 allows unauthenticated remote attackers to make arbitrary HTTP requests to internal URLs by exploiting inadequate URL validation in the FileService.download_from_url() function. An attacker can bypass the post-request file extension check by appending .mp3 to any URL supplied to the /speech-to-text-url endpoint, enabling reconnaissance of internal services and potential information disclosure. The vulnerability carries moderate severity (CVSS 5.8) with confirmed patch availability in version 0.6.0.

SSRF Whisperx Fastapi
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy