Impact
Astro implements remote pattern allowlists (remotePatterns) for server-side fetchers, such as the image optimization endpoint. In versions 2.10.10 through 5.18.0 the wildcard logic that matches a pathname is unanchored: the permitted prefix only has to appear somewhere in the request path rather than at its start, so a path that contains the allowed prefix later in the URL still satisfies the rule. Consequently, an attacker can craft a URL that points to a resource outside the intended prefix on an otherwise allowed host, enabling unauthorized retrieval of remote content. This flaw exposes the application to inadvertent data leakage but does not lead to code execution or privilege escalation.
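The following is an added illustration, not Astro's own code or the project's actual matcher. It models a simplified remotePatterns pathname check and shows the unanchored wildcard form beside the anchored one, plus an allowlist check that runs both against the same parsed URL. The pattern syntax (`*` for one path segment, `**` for any number of segments), exact hostname comparison, and all function names are assumptions made for the example.

```javascript
// Added illustration, not Astro's own code. A simplified remotePatterns-style
// pathname matcher showing why an unanchored wildcard check is unsafe and how
// anchoring fixes it. Assumed pattern syntax: "*" matches one path segment,
// "**" matches any number of segments. Hostnames are compared exactly here
// (an assumption made to keep the example short).

// Translate a pathname glob into regex source, escaping regex metacharacters
// first so that "." in a pattern such as "/images/*.png" stays literal.
function globToRegexSource(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return escaped.replace(/\*\*|\*/g, (m) => (m === "**" ? ".*" : "[^/]*"));
}

// Weak form: no "^" / "$" anchors, so the permitted prefix only has to occur
// somewhere inside the requested path.
function pathMatchesUnanchored(glob, pathname) {
  return new RegExp(globToRegexSource(glob)).test(pathname);
}

// Hardened form: anchored at both ends, so the whole pathname must fit the glob.
function pathMatchesAnchored(glob, pathname) {
  return new RegExp("^" + globToRegexSource(glob) + "$").test(pathname);
}

// Allowlist check. The URL is parsed first so that matching runs against the
// normalised pathname (dot segments already resolved) rather than the raw
// string. `matchPath` is injected so both matchers can be compared on the
// same input.
function isAllowedRemote(urlString, remotePatterns, matchPath) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false; // unparseable input is never allowed
  }
  const protocol = url.protocol.replace(/:$/, "");
  return remotePatterns.some(
    (p) =>
      (p.protocol === undefined || p.protocol === protocol) &&
      (p.hostname === undefined || p.hostname === url.hostname) &&
      (p.pathname === undefined || matchPath(p.pathname, url.pathname)),
  );
}

// Constructed sample allowlist and requests for demonstration.
const REMOTE_PATTERNS = [
  { protocol: "https", hostname: "cdn.example.com", pathname: "/images/**" },
];
const INSIDE_PREFIX = "https://cdn.example.com/images/logo.png";
const OUTSIDE_PREFIX = "https://cdn.example.com/private/images/report.png";

for (const u of [INSIDE_PREFIX, OUTSIDE_PREFIX]) {
  console.log(
    u,
    "unanchored:", isAllowedRemote(u, REMOTE_PATTERNS, pathMatchesUnanchored),
    "anchored:", isAllowedRemote(u, REMOTE_PATTERNS, pathMatchesAnchored),
  );
}
```

Running the block prints that the unanchored matcher accepts both URLs while the anchored matcher accepts only the one under `/images/`. Two details matter in practice: the anchors must wrap the whole translated pattern (a `^` alone still lets a trailing wildcard swallow anything, but a missing `^` is exactly the flaw described), and the comparison should be made on the parsed, normalised pathname so that `..` segments cannot be used to satisfy the prefix before resolving elsewhere.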
Affected Systems
The vulnerability affects the Astro web framework (vendor/product withastro:astro). It is present in releases from 2.10.10 up to, but not including, 5.18.1. All Node.js environments that run Astro are impacted, because the flaw resides in the framework rather than in the underlying runtime. Users running any of these Astro versions should be aware that their remote resource fetch endpoints could be abused.
Risk and Exploitability
The CVSS score of 2.9 indicates a low severity, and the EPSS score is below 1%, suggesting a very low probability that attackers will target this flaw in the near term. The vulnerability is not listed in the KEV catalog, which means no confirmed exploit activity has been reported. Exploitation requires sending malicious requests to an Astro application that uses the affected image optimization or fetch resolution features with a remotePatterns allowlist that relies on wildcard pathname matching. Thus, the likely attack vector is remote, via crafted URLs to a public endpoint. While the impact is limited to unauthorized data access, the flaw still calls for mitigation (updating to 5.18.1 or later) to prevent potential data leakage.
OpenCVE Enrichment
GitHub GHSA