Astro's @astrojs/vercel serverless entrypoint, before version 10.0.2, accepts the x-astro-path header and the x_astro_path query parameter to rewrite the internal request path without requiring any authentication. The rewrite keeps the original HTTP method and request body, which allows every method—including POST, PUT, and DELETE—to be directed at arbitrary paths. By crafting a request that targets a protected or administrative endpoint, an attacker can bypass Vercel platform‑level path restrictions and perform unauthorized actions. This flaw is a combination of path manipulation (CWE-441) and missing authorization checks (CWE-862), and can affect confidentiality, integrity, and availability of the application. No code execution capabilities are granted directly through this path override; however, the ability to reach restricted resources may enable further attacks depending on the underlying application logic.

The vulnerability applies to Astro framework deployments that use the @astrojs/vercel serverless entrypoint with a version older than 10.0.2. It is relevant to sites on the Vercel platform that do not use Edge Middleware, as the path override can divert requests from a public URL to any internal route such as "/admin/*". Clients should verify they are running @astrojs/vercel 10.0.2 or newer and that any edge or firewall rules are correctly configured.

The CVSS score of 6.5 reflects moderate severity, and the EPSS score of less than 1% indicates that widespread exploitation is unlikely at present. The flaw is not listed in the CISA KEV catalog. An attacker can exploit the issue remotely by sending unauthenticated HTTP requests with the vulnerable header or query parameter; no additional privileges or credentials are required. Once exploited, the attacker can target any protected route, potentially enabling data manipulation or deletion.