Description
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to exposure of authentication cookies and headers and possible privilege escalation.
Published: 2026-05-19
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The scalar/astro v0.1.13 Proxy endpoint accepts a scalar_url query parameter used to fetch a remote resource. The parameter is not authenticated or validated, allowing any attacker‑controlled URL to be requested. This Server‑Side Request Forgery lets unauthenticated attackers force the backend to send HTTP requests to external or internal hosts, potentially leaking authentication cookies or headers and enabling privilege escalation. As a CWE‑918 flaw, the vulnerability can expose sensitive session data and compromise account integrity.

Affected Systems

The issue is limited to scalar/astro v0.1.13, whose Scalar Proxy endpoint accepts the scalar_url parameter. No vendor product list is provided beyond scalar/astro, and the SSRF flaw applies only to that specific version.

Risk and Exploitability

The CVSS score of 9.8 indicates extremely high severity. The EPSS score is below 1%, suggesting a low current probability of exploitation, and the vulnerability is not cataloged in the CISA KEV. The likely attack vector is an unauthenticated HTTP request to the exposed endpoint carrying a crafted scalar_url value; no authentication or privileges on the backend are required to trigger the SSRF. If the backend forwards its authentication cookies or headers with the outgoing request, they may reach the target URL, allowing credential leakage or further compromise.

Generated by OpenCVE AI on May 20, 2026 at 15:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade scalar/astro to the latest available version that fixes the SSRF issue
  • If an upgrade is not possible, disable the scalar_url query parameter or isolate the Scalar Proxy endpoint from external access
  • Implement outbound firewall rules or proxy restrictions that limit the backend server’s outgoing connections to trusted hosts only

Generated by OpenCVE AI on May 20, 2026 at 15:53 UTC.
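One way to implement the host restriction recommended above, as an added illustration that is not scalar/astro's own code: a validator for a caller-supplied proxy target that admits only https URLs whose host is on an explicit allowlist and rejects IP literals and embedded credentials, plus a filter that strips session headers before a request is forwarded. The allowed host api.example.com and the function names are assumptions.

```javascript
// Added example (hypothetical hardening, not the scalar/astro implementation).
// The SSRF on this page exists because the scalar_url value is fetched as-is;
// here the target must be an absolute https URL whose hostname is on an
// explicit allowlist, and caller session material is never forwarded.

const ALLOWED_TARGET_HOSTS = new Set(['api.example.com']); // constructed allowlist
const ALLOWED_SCHEMES = new Set(['https:']);
const SENSITIVE_HEADERS = new Set([
  'cookie', 'set-cookie', 'authorization', 'proxy-authorization',
]);

// Returns { ok: true, target } for an admissible URL, else { ok: false, reason }.
function validateProxyTarget(rawUrl, allowedHosts = ALLOWED_TARGET_HOSTS) {
  let url;
  try {
    url = new URL(String(rawUrl)); // throws on relative or malformed input
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return { ok: false, reason: 'scheme' };
  // userinfo in the URL is a classic trick for confusing naive host checks
  if (url.username || url.password) return { ok: false, reason: 'credentials' };

  const host = url.hostname.toLowerCase();
  // WHATWG parsing normalizes decimal/hex/octal IPv4 forms to a dotted quad and
  // keeps IPv6 in brackets, so address literals can be detected after parsing.
  if (host.startsWith('[') || /^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    return { ok: false, reason: 'ip-literal' };
  }
  // exact allowlist match: no suffix or substring matching
  if (!allowedHosts.has(host)) return { ok: false, reason: 'host' };
  return { ok: true, target: url.toString() };
}

// Drops cookies and credentials so the backend never relays them to the target.
function sanitizeForwardHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!SENSITIVE_HEADERS.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}
```

The same check belongs in front of any server-side fetch that takes a URL from the request, whether the value arrives as a query parameter or in a request body.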

Tracking


Advisories

No advisories yet.

History

Wed, 20 May 2026 16:15:00 +0000

Type Values Removed Values Added
Title Unrestricted SSRF Vulnerability in scalar/astro Proxy Endpoint

Wed, 20 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Scalar
Scalar astro
Vendors & Products Scalar
Scalar astro

Tue, 19 May 2026 17:15:00 +0000

Type Values Removed Values Added
Title Unrestricted SSRF Vulnerability in scalar/astro Proxy Endpoint
Weaknesses CWE-918

Tue, 19 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to authentication cookies and headers exposure and possible privilege escalation.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-20T13:51:43.832Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30118

Vulnrichment

Updated: 2026-05-20T13:46:38.553Z

NVD

Status : Deferred

Published: 2026-05-19T16:16:20.103

Modified: 2026-05-20T14:16:39.930

Link: CVE-2026-30118

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T16:00:06Z

Weaknesses
  • CWE-918

    Server-Side Request Forgery (SSRF)