Description
Streamlit is a data-oriented application development framework for Python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\attacker-controlled-host\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0.
Published: 2026-03-26
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: NTLM credential exposure via SSRF
Action: Immediate Patch
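The ordering defect the description names (resolve the path first, validate it afterwards) next to the validate-first ordering, as an added illustration that is not Streamlit's code. `ROOT`, both function names and the sample paths are constructed for the example, and `ntpath` stands in for `os.path.realpath()` so the Windows path semantics can be exercised on any OS without opening an SMB connection.

```python
import ntpath
from typing import Callable, Optional

ROOT = r"C:\app\components"  # constructed root directory for the example


def resolve_then_validate(root: str, user_path: str) -> tuple[str, bool]:
    """The vulnerable ordering. ntpath.join() discards `root` when `user_path`
    is absolute or UNC, so the resolver receives the attacker's path as-is.
    On a real Windows host os.path.realpath() on a UNC path is what opens the
    SMB connection; ntpath.normpath() stands in for it so nothing is dialled.
    Returns (path handed to the resolver, whether the late check accepted it).
    """
    candidate = ntpath.normpath(ntpath.join(root, user_path))
    # The prefix check does run, but only after the side effect has happened.
    accepted = candidate.lower().startswith(ntpath.normpath(root).lower() + "\\")
    return candidate, accepted


def validate_then_resolve(root: str, user_path: str,
                          resolve: Callable[[str], str] = ntpath.normpath,
                          ) -> Optional[str]:
    """The safe ordering: reject on the raw string, resolve, then re-check.
    `resolve` is injectable so a Windows deployment can pass os.path.realpath;
    the default is the pure-string normpath so the example runs anywhere.
    Returns the resolved path, or None for anything rejected."""
    if not user_path or "\x00" in user_path:
        return None
    # splitdrive() reports drive letters ("C:") and UNC shares
    # ("\\host\share" or "//host/share"); a relative name has neither.
    drive, tail = ntpath.splitdrive(user_path)
    if drive or tail.startswith(("\\", "/")):
        return None
    segments = user_path.replace("\\", "/").split("/")
    if any(seg in ("", "..") for seg in segments):  # traversal or empty part
        return None
    root_norm = ntpath.normpath(root)
    candidate = resolve(ntpath.join(root_norm, user_path))
    try:  # commonpath() raises ValueError when drives or UNC prefixes differ
        inside = ntpath.commonpath([root_norm, candidate]) == root_norm
    except ValueError:
        inside = False
    return candidate if inside else None
```

The first function shows that the late prefix check does reject the UNC path, but only after the resolver has already been handed it; the second never lets a UNC, drive-letter or traversal string reach the resolver at all.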
AI Analysis

Impact

This is a server-side request forgery (CWE-918) in Streamlit Open Source that lets an unauthenticated attacker supply a UNC path. The server resolves the path with os.path.realpath or Path.resolve before validating it, which causes the Windows process to open an outbound SMB connection on port 445. When Windows authenticates to that remote SMB server it sends the NTLMv2 challenge-response credentials of the user running Streamlit, which an attacker can relay against internal services or use, through response timing, to map which internal SMB hosts are reachable. The flaw enables credential theft rather than direct code execution.

Affected Systems

All Streamlit Open Source deployments running on Windows that use a version earlier than 1.54.0 are affected. The issue occurs in the ComponentRequestHandler code path that handles arbitrary filesystem paths requested by users. Any instance that exposes the default HTTP port to the network and accepts user‑supplied paths may be vulnerable.

Risk and Exploitability

The CVSS base score is 4.7, indicating medium impact, while the EPSS score is below 1% and the vulnerability is not listed in CISA's KEV catalog. Exploitation requires only an unauthenticated HTTP request to the Streamlit server carrying a crafted UNC path; no privileged shell or memory corruption is needed. The likelihood of exploitation is therefore currently low, but because the vulnerability leaks NTLM credentials it poses a significant risk when the host sits on an internal network alongside other services.

Generated by OpenCVE AI on April 2, 2026 at 04:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Streamlit to version 1.54.0 or later.
  • Ensure every Windows host runs only the patched version; verify that no 1.53.x or earlier installations remain.
  • Restrict inbound traffic to the Streamlit service with a firewall or network rules to block external UNC path requests.
  • Monitor SMB connection logs and HTTP request patterns for anomalous UNC paths to detect potential exploitation attempts.


Tracking


Advisories

Source: GitHub GHSA
ID: GHSA-7p48-42j8-8846
Title: Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)
History

Wed, 01 Apr 2026 23:45:00 +0000

Type: First Time appeared
Values Added: Snowflake; Snowflake streamlit

Type: CPEs
Values Added: cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:windows:*:*

Type: Vendors & Products
Values Added: Snowflake; Snowflake streamlit

Fri, 27 Mar 2026 20:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 08:45:00 +0000

Type: First Time appeared
Values Added: Streamlit; Streamlit streamlit

Type: Vendors & Products
Values Added: Streamlit; Streamlit streamlit

Thu, 26 Mar 2026 22:00:00 +0000

Type: Description
Values Added: Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\attacker-controlled-host\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0.

Type: Title
Values Added: Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)

Type: Weaknesses
Values Added: CWE-918

Type: References
Values Added:

Type: Metrics (cvssV3_1)
Values Added: {'score': 4.7, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N'}


Subscriptions

Snowflake Streamlit
Streamlit Streamlit
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-27T20:00:36.574Z

Reserved: 2026-03-23T16:34:59.931Z

Link: CVE-2026-33682

Vulnrichment

Updated: 2026-03-27T14:11:17.397Z

NVD

Status: Analyzed

Published: 2026-03-26T22:16:30.880

Modified: 2026-04-01T13:28:47.470

Link: CVE-2026-33682

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:56:10Z

Weaknesses