Impact
Streamlit Open Source versions before 1.54.0 running on Windows contain an unauthenticated server-side request forgery (SSRF) flaw. The flaw stems from inadequate validation of attacker-supplied filesystem paths. When a malicious UNC path such as \\attacker-host\share is provided, the Streamlit process resolves the path with functions like os.path.realpath() before validation is complete. On Windows, resolving such a path causes the server to initiate outbound SMB traffic on port 445. As Windows attempts to authenticate to the remote SMB share, the NTLMv2 challenge-response credentials of the user account under which the Streamlit process runs may be transmitted. An attacker could leverage this to execute NTLM relay attacks against other internal services or to discover reachable SMB hosts through timing analysis, thereby compromising the confidentiality and integrity of the underlying environment.
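The defensive pattern implied above is to reject UNC, drive and rooted paths lexically before any call that can touch the filesystem, because on Windows os.path.realpath() on a UNC path is what triggers the SMB connection. The following is an added illustration, not Streamlit's own code; the base directory and the sample request paths are constructed, and the Windows path rules are applied via ntpath so the check behaves the same on any host OS.

```python
import ntpath
import os


def is_unc_or_absolute(user_path: str) -> bool:
    """Lexical check using Windows path rules (ntpath); never touches the filesystem.
    True for UNC (\\\\host\\share, //host/share), drive (C:\\x, C:x), rooted (\\x)
    and device/long-path prefixes (\\\\?\\, \\\\.\\)."""
    p = user_path.replace("/", "\\")       # Windows accepts either separator
    drive, _tail = ntpath.splitdrive(p)    # 'C:' or '\\\\host\\share' -> non-empty drive
    return bool(drive) or p.startswith("\\")


def resolve_component_path(base_dir: str, user_path: str) -> str:
    """Return the real path of user_path inside base_dir, or raise ValueError.
    Every rejection happens BEFORE os.path.realpath() is called on user input."""
    if not user_path or "\x00" in user_path:
        raise ValueError("empty path or embedded NUL")
    if is_unc_or_absolute(user_path):
        raise ValueError("absolute, drive-relative or UNC paths are not allowed")
    parts = user_path.replace("\\", "/").split("/")
    if any(part in ("", ".", "..") for part in parts):
        raise ValueError("empty, '.' or '..' path segments are not allowed")
    # Only now touch the filesystem; re-check containment after symlink resolution.
    base_real = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base_real, *parts))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError("path escapes the component directory")
    return target


def classify(base_dir: str, candidates):
    """Map each candidate request path to 'allowed' or 'rejected: <reason>'."""
    results = {}
    for candidate in candidates:
        try:
            resolve_component_path(base_dir, candidate)
            results[candidate] = "allowed"
        except ValueError as exc:
            results[candidate] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    # Constructed sample requests, including the UNC form named in the advisory.
    samples = ["static/app.js", "\\\\attacker-host\\share", "//attacker-host/share",
               "C:\\Windows\\win.ini", "C:secret.txt", "\\rooted", "..\\..\\secret"]
    for path, verdict in classify("/srv/streamlit/components", samples).items():
        print(f"{path!r:32} {verdict}")
```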
Affected Systems
The affected systems are installations of the Streamlit framework, specifically the streamlit:streamlit product. Any Windows host running Streamlit Open Source prior to version 1.54.0 is vulnerable. The flaw is tied to code paths within the ComponentRequestHandler component and manifests when UNC paths are supplied by an unauthenticated client, so the impact is limited to environments where Streamlit is exposed on the network.
Risk and Exploitability
The CVSS score of 4.7 indicates moderate severity, and the vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. EPSS data is unavailable. The attack requires only that an attacker send a malformed request to a vulnerable Streamlit instance, which may be discovered by scanning the network; no privileges beyond network reachability to the Streamlit server are needed. Given the potential for NTLM credential leakage and relay attacks, the risk is non-trivial in environments with sensitive internal services.
OpenCVE Enrichment
GitHub GHSA