Description
Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward internal/private network destinations, these protections could be bypassed through crafted HTTP redirect chains. By leveraging attacker-controlled redirects, an authenticated user could cause vulnerable application components to initiate requests toward internally reachable Docker network services accessible from the application environment. The issue affected multiple processing paths, including crawler-related functionality and video download processing flows. Version 0.32.0 contains a patch.
Published: 2026-05-26
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Karakeep versions older than 0.32.0 suffer from a bypass of their Server-Side Request Forgery (SSRF) protection that allows an authenticated user to craft a chain of HTTP redirects. This chain can steer the application's internal request mechanism to internal or private network addresses, letting the attacker reach services that are otherwise unreachable, potentially exposing sensitive data or creating a pivot point for further attacks. The weakness is a classic SSRF scenario (CWE-918).

Affected Systems

Karakeep application, all installations running any version prior to 0.32.0.

Risk and Exploitability

The vulnerability has a CVSS score of 7.6. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated user who controls a redirect chain; through it the attacker can make the application send requests to Docker network services that the application can reach. Because the existing internal-network protections are bypassed by redirects rather than absent, the attack is practical in the deployment described.

Generated by OpenCVE AI on May 26, 2026 at 15:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Karakeep application to version 0.32.0 or later to apply the vendor patch.
  • If an upgrade is delayed, restrict outbound HTTP requests from the application to only externally reachable hosts by enforcing a firewall or network segmentation that blocks internal Docker network addresses.
  • Disable or strictly validate redirect handling in crawler and video download components to prevent redirect chains from reaching internal networks.
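As an added illustration of the last two actions (example code, not Karakeep's own), a redirect-following routine that re-validates the destination of every hop: each Location target is parsed, its host resolved, and loopback, private, link-local and carrier-grade NAT answers rejected before the request is made. The `transport` and `resolve` callbacks are hypothetical injection points so the example runs offline.

```javascript
// Added example, not Karakeep's code: check every redirect hop, not just the first URL.

// Parse a dotted-quad IPv4 string into four octets, or null if malformed.
function ipv4Octets(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((n) => n <= 255) ? octets : null;
}

// True for loopback, RFC 1918, link-local, CGNAT and "this network" IPv4 ranges
// and for the IPv6 loopback, unique-local, link-local and v4-mapped forms.
function isInternalAddress(ip) {
  const lower = ip.toLowerCase();
  if (lower.startsWith('::ffff:')) return isInternalAddress(lower.slice(7));
  if (lower.includes(':')) {
    return lower === '::1' || lower === '::' || /^f[cd]/.test(lower) || /^fe[89ab]/.test(lower);
  }
  const o = ipv4Octets(ip);
  if (!o) return true; // unparseable: fail closed
  const [a, b] = o;
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) ||
    (a === 100 && b >= 64 && b <= 127);
}

// Follow redirects one hop at a time. `transport(url)` performs ONE request without
// auto-following and returns {status, location}; `resolve(host)` returns the addresses
// a name maps to. Both are hypothetical injected callbacks; a real crawler would wrap
// fetch(..., {redirect: 'manual'}) and dns.lookup, and connect to the address it validated.
function followChainSafely(startUrl, transport, resolve, maxHops = 5) {
  let url = new URL(startUrl); // WHATWG parsing also normalises hex/octal IPv4 literals
  for (let hop = 0; hop <= maxHops; hop++) {
    if (url.protocol !== 'http:' && url.protocol !== 'https:') {
      throw new Error(`blocked: scheme ${url.protocol} at hop ${hop}`);
    }
    const host = url.hostname.replace(/^\[|\]$/g, ''); // IPv6 literals carry brackets
    const addrs = (ipv4Octets(host) || host.includes(':')) ? [host] : resolve(host);
    if (addrs.length === 0 || addrs.some(isInternalAddress)) {
      throw new Error(`blocked: ${host} resolves to an internal address at hop ${hop}`);
    }
    const res = transport(url.href);
    if (res.status < 300 || res.status >= 400 || !res.location) {
      return { finalUrl: url.href, status: res.status };
    }
    url = new URL(res.location, url); // relative Location resolves against this hop
  }
  throw new Error('blocked: too many redirects');
}
```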

Advisories

No advisories yet.

History

Wed, 27 May 2026 09:45:00 +0000

Type: First Time appeared
  Values Added: Karakeep; Karakeep karakeep
Type: Vendors & Products
  Values Added: Karakeep; Karakeep karakeep

Tue, 26 May 2026 16:30:00 +0000

Type: Metrics
  Values Added: ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 14:30:00 +0000

Type: Description
  Values Added: Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward internal/private network destinations, these protections could be bypassed through crafted HTTP redirect chains. By leveraging attacker-controlled redirects, an authenticated user could cause vulnerable application components to initiate requests toward internally reachable Docker network services accessible from the application environment. The issue affected multiple processing paths, including crawler-related functionality and video download processing flows. Version 0.32.0 contains a patch.
Type: Title
  Values Added: Karakeep has a SSRF Protection Bypass via Redirect Handling
Type: Weaknesses
  Values Added: CWE-918
Type: References
Type: Metrics
  Values Added: cvssV3_1
    {'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-26T15:23:39.874Z

Reserved: 2026-05-08T18:45:10.097Z

Link: CVE-2026-45082

Vulnrichment

Updated: 2026-05-26T15:22:42.637Z

NVD

Status : Deferred

Published: 2026-05-26T15:16:38.693

Modified: 2026-05-26T20:24:19.650

Link: CVE-2026-45082

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T09:30:26Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)