Description
Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. `404.astro` or `500.astro`) are vulnerable to SSRF. If the `Host:` header is changed to an attacker's server, it will be fetched on `/500.html` and they can redirect this to any internal URL to read the response body through the first request. An attacker who can access the application without `Host:` header validation (e.g. through finding the origin IP behind a proxy, or just by default) can fetch their own server to redirect to any internal IP. With this they can fetch cloud metadata IPs and interact with services in the internal network or localhost. For this to be vulnerable, a common feature needs to be used, with direct access to the server (no proxies). Version 9.5.4 fixes the issue.
Published: 2026-02-24
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery allowing internal network disclosure
Action: Patch Immediately
AI Analysis

Impact

Astro, a popular web framework, implements a server‑side render (SSR) engine that can display custom error pages. In versions earlier than 9.5.4, when a non‑existent route triggers such a custom error page, the framework uses the Host header supplied by the client to fetch a file named /500.html. If an attacker supplies a Host header that points to an external server, the framework will perform a request to that server just to obtain the error page. By controlling the content served on that external server, the attacker can cause Astro to follow a redirect back into the internal network and read the resulting response body. This chain turns the Host header into a primitive for Server‑Side Request Forgery, enabling access to internal URLs, cloud metadata endpoints, or other services that are normally unreachable from the public internet.

Affected Systems

The vulnerability affects the withastro:astro product in all releases prior to 9.5.4. All users running Astro versions 9.5.3 and earlier on any Node.js environment are potentially exposed.

Risk and Exploitability

The CVSS v3 score of 6.9 reflects a moderate severity, with a low exploitation probability (EPSS < 1%) and no current listing in the CISA KEV catalog. Attackers need the ability to send a request bearing a crafted Host header to the affected application; this could arise via direct access or through a proxy that does not validate the Host header. Once such a request reaches the server, the attacker can read responses from internal services; no arbitrary code execution is described.

Generated by OpenCVE AI on April 17, 2026 at 16:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Astro to version 9.5.4 or later to eliminate the SSRF flaw.
  • Configure the application to validate the Host header against an approved whitelist, rejecting requests with unexpected Host values.
  • If upgrading is not immediately possible, restrict exposure of the application to trusted clients and block internal URI access from the SSRF path using network segmentation or firewall rules.

Advisories

Source: Github GHSA
ID: GHSA-qq67-mvv5-fw3g
Title: Astro has Full-Read SSRF in error rendering via Host: header injection
History

Thu, 26 Feb 2026 17:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Feb 2026 15:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Astro; Astro @astrojs/node

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:astro:@astrojs/node:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Astro; Astro @astrojs/node

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}

Tue, 24 Feb 2026 10:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Withastro; Withastro astro

Type: Vendors & Products
Values Removed: (none)
Values Added: Withastro; Withastro astro

Tue, 24 Feb 2026 00:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (eg. `404.astro` or `500.astro`) are vulnerable to SSRF. If the `Host:` header is changed to an attacker's server, it will be fetched on `/500.html` and they can redirect this to any internal URL to read the response body through the first request. An attacker who can access the application without `Host:` header validation (eg. through finding the origin IP behind a proxy, or just by default) can fetch their own server to redirect to any internal IP. With this they can fetch cloud metadata IPs and interact with services in the internal network or localhost. For this to be vulnerable, a common feature needs to be used, with direct access to the server (no proxies). Version 9.5.4 fixes the issue.

Type: Title
Values Removed: (none)
Values Added: Astro has Full-Read SSRF in error rendering via Host: header injection

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-918

Type: References
Values Removed: (none)
Values Added: (none shown)

Type: Metrics
Values Removed: (none)
Values Added: cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N'}


Subscriptions

Astro @astrojs/node
Withastro Astro
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T14:53:21.152Z

Reserved: 2026-02-02T19:59:47.375Z

Link: CVE-2026-25545

Vulnrichment

Updated: 2026-02-26T14:53:11.380Z

NVD

Status : Analyzed

Published: 2026-02-24T01:16:13.087

Modified: 2026-02-25T15:19:26.397

Link: CVE-2026-25545

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T16:15:22Z

Weaknesses