Description
Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed — the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue.
Published: 2026-02-26
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server-Side Request Forgery (SSRF) via unvalidated remote image URLs
Action: Patch Now
AI Analysis

Impact

Astro versions 9.0.0 through 9.5.3 contain a flaw that bypasses the image domain and remote pattern restrictions when the inferSize feature is enabled. The server fetches remote images without checking the configured allowlist, allowing an attacker to supply arbitrary URLs. This omission permits the server to reach internal services and metadata endpoints, exposing sensitive data and enabling further attacks. The weakness is classified as CWE-918.

Affected Systems

The vulnerability affects the Astro web framework from the withastro:astro vendor. Only versions 9.0.0 through 9.5.3 are impacted; version 9.5.4 and later contain the fix.

Risk and Exploitability

The vulnerability has a CVSS score of 6.5, indicating moderate severity, and an EPSS score of less than 1%, suggesting a low but nonzero likelihood of exploitation. It is not listed in the CISA KEV catalog. An attacker who can influence image URLs, such as through user-supplied content or a content management system, can trigger the unfiltered fetch, creating a server-side request to any host. The risk includes potential internal network discovery and exploitation of cloud metadata services.

Generated by OpenCVE AI on April 17, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Astro to version 9.5.4 or newer, which implements domain validation for inferSize.
  • Configure image.domains and/or image.remotePatterns to explicitly allow only trusted hostnames.
  • Disable the inferSize option if not required or replace it with a local image caching solution that performs proper domain checks.
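The check that a site can apply to CMS- or user-supplied image URLs before they reach `inferSize`, as an added example (not Astro's own code) modelled on the `image.domains` / `image.remotePatterns` options; the wildcard rules and the `IMAGE_CONFIG` values are assumptions that approximate Astro's documented semantics:

```javascript
// Added example, not Astro's own code: an allowlist check modelled on Astro's
// image.domains / image.remotePatterns semantics, to run on CMS- or user-supplied image
// URLs before they reach inferSize. Wildcard rules below are an assumption approximating Astro's docs.

// Constructed site configuration: only these remote sources are trusted.
const IMAGE_CONFIG = {
  domains: ['cdn.example.com'],
  remotePatterns: [
    { protocol: 'https', hostname: '**.images.example.org', pathname: '/public/**' },
  ],
};

// Hostname match: exact, "*.base" (exactly one extra label) or "**.base" (base or any depth).
function hostnameMatches(hostname, pattern) {
  if (pattern.startsWith('**.')) {
    const base = pattern.slice(3);
    return hostname === base || hostname.endsWith('.' + base);
  }
  if (pattern.startsWith('*.')) {
    const base = pattern.slice(2);
    if (!hostname.endsWith('.' + base)) return false;
    const rest = hostname.slice(0, hostname.length - base.length - 1);
    return rest.length > 0 && !rest.includes('.');
  }
  return hostname === pattern;
}

// Pathname match: exact, "/dir/*" (one more segment) or "/dir/**" (anything below).
function pathnameMatches(pathname, pattern) {
  if (pattern === undefined) return true;
  if (pattern.endsWith('/**')) return pathname.startsWith(pattern.slice(0, -2));
  if (pattern.endsWith('/*')) {
    const prefix = pattern.slice(0, -1);
    return pathname.startsWith(prefix) && !pathname.slice(prefix.length).includes('/');
  }
  return pathname === pattern;
}

// True only for an http(s) URL the allowlist authorises; unparsable, non-http(s), credential-bearing
// or unmatched URLs are refused, so internal hosts are never fetched unless listed explicitly.
function isRemoteImageAllowed(rawUrl, config = IMAGE_CONFIG) {
  let url; try { url = new URL(rawUrl); } catch { return false; } // unparsable: refuse
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  if (url.username || url.password) return false; // reject embedded credentials
  if (config.domains.includes(url.hostname)) return true;
  return config.remotePatterns.some((p) =>
    (p.protocol === undefined || url.protocol === p.protocol + ':') &&
    (p.port === undefined || url.port === String(p.port)) &&
    (p.hostname === undefined || hostnameMatches(url.hostname, p.hostname)) && // no hostname: any host
    pathnameMatches(url.pathname, p.pathname));
}
```

Note that the fixed Astro release applies this kind of validation inside `inferSize` itself; the wrapper above is only a belt-and-braces filter for sites that cannot upgrade immediately.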


Advisories

Source: GitHub GHSA
ID: GHSA-cj9f-h6r6-4cx2
Title: Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize
History

Mon, 09 Mar 2026 21:00:00 +0000

First Time appeared (values added): Astro; Astro @astrojs/node
CPEs (values added): cpe:2.3:a:astro:@astrojs/node:*:*:*:*:*:node.js:*:*
Vendors & Products (values added): Astro; Astro @astrojs/node

Thu, 26 Feb 2026 13:30:00 +0000

First Time appeared (values added): Withastro; Withastro astro
Vendors & Products (values added): Withastro; Withastro astro

Thu, 26 Feb 2026 01:00:00 +0000

Description (values added): the full description text, identical to the Description section at the top of this page
Title (values added): Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize
Weaknesses (values added): CWE-918
References (values added): none shown
Metrics (values added): cvssV3_1, score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T16:21:44.676Z

Reserved: 2026-02-24T02:32:39.800Z

Link: CVE-2026-27829

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-02-26T01:16:24.390

Modified: 2026-03-09T20:47:35.170

Link: CVE-2026-27829

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T14:45:21Z

Weaknesses