Description
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to authentication cookies and headers exposure and possible privilege escalation.
Published: 2026-05-19
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The scalar/astro v0.1.13 Scalar Proxy endpoint accepts a scalar_url query parameter that is used to fetch a remote resource. This parameter is not authenticated or validated, allowing any attacker‑controlled URL to be fetched. The backend server may send its own authentication cookies or headers when requesting the target URL, exposing sensitive credentials that can be used to impersonate legitimate users or gain elevated privileges.

Affected Systems

Scalar/astro v0.1.13 contains an exposed Scalar Proxy endpoint that accepts the scalar_url parameter. No vendor product list is provided in the CNA data, so the exact vendor or product name is unknown beyond scalar/astro. The SSRF flaw applies only to the Proxy endpoint in that specific version.

Risk and Exploitability

The CVSS score is not publicly available, and there is no EPSS value. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is an unauthenticated HTTP request to the vulnerable endpoint with a crafted scalar_url parameter. Because the parameter accepts arbitrary URLs, an attacker can target internal or external hosts and force the server to transmit authentication cookies and headers that may belong to privileged accounts. The exploit can be performed quickly, requiring only the ability to issue an HTTP request to the exposed endpoint; no additional privileges on the backend are necessary to realize the SSRF effect.

Generated by OpenCVE AI on May 19, 2026 at 16:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade scalar/astro to the latest released version that fixes the SSRF issue
  • If an upgrade is not immediately possible, remove or disable the scalar_url query parameter and block the Scalar Proxy endpoint from external access
  • Apply strict outbound firewall rules or proxy restrictions on the backend server to allow connections only to trusted hosts and domains

Generated by OpenCVE AI on May 19, 2026 at 16:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 17:15:00 +0000

Type Values Removed Values Added
Title Unrestricted SSRF Vulnerability in scalar/astro Proxy Endpoint
Weaknesses CWE-918

Tue, 19 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to authentication cookies and headers exposure and possible privilege escalation.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-19T15:20:19.247Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30118

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-19T16:16:20.103

Modified: 2026-05-19T18:04:29.373

Link: CVE-2026-30118

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T17:00:12Z

Weaknesses