Impact
The vulnerability exists in the Astro web framework in versions prior to 6.4.6. When an SSR application renders a prerendered error page, it fetches that page over HTTP at runtime. The fetch URL is constructed from request.url, whose origin is in turn derived from the incoming Host header. Because the Host header is not validated against a list of allowed domains, an attacker can supply a malicious host value, causing the server to make an internal request to an arbitrary URL and retrieve the response. This allows remote extraction of data from internal or external hosts, effectively an SSRF that can lead to data exfiltration or further attacks. The weakness maps to improper input validation (CWE-20) and server-side request forgery (CWE-918).
Affected Systems
The issue affects applications built with the Astro framework, specifically versions older than 6.4.6. It occurs in both server-side rendered and statically prerendered error-handling flows when export const prerender = true is used. Astro 6.4.6 and newer contain a fix that validates the Host header against a list of allowed domains before constructing the error-page fetch URL.
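The mechanism described under Impact and the allowlist fix described above, as an added example that is not Astro's own code: the first builder derives the error-page URL from request.url and so inherits whatever origin the runtime built from the client's Host header; the second refuses any host not on an explicit allowlist before a fetch can happen. The function names, the allowlist contents and the stand-in request objects are all hypothetical.

```javascript
// Added example (not Astro's code): an error-page fetch URL derived from
// request.url inherits the origin the runtime built from the client's Host
// header, so the vulnerable shape lets the client choose the fetch target.
// The hardened shape checks the host against an allowlist first.

const ALLOWED_HOSTS = ["app.example", "app.example:4321"]; // constructed list

// Vulnerable shape: the origin of request.url comes straight from Host, so
// the server will fetch /<status> from whatever host the client named.
function buildErrorPageUrlUnsafe(request, status) {
  const origin = new URL(request.url).origin;
  return new URL(`/${status}`, origin).href;
}

// Allowlist check: compare the exact host (hostname plus any port) against
// the configured list; no substring or suffix matching, so app.example.evil
// does not pass as app.example.
function isHostAllowed(host, allowedHosts = ALLOWED_HOSTS) {
  return allowedHosts.includes(host.toLowerCase());
}

// Hardened shape: refuse to build (and therefore fetch) a URL whose host is
// not on the allowlist; the caller should serve a generic error page instead.
function buildErrorPageUrlSafe(request, status, allowedHosts = ALLOWED_HOSTS) {
  const url = new URL(request.url);
  if (!isHostAllowed(url.host, allowedHosts)) {
    throw new Error(`refusing to fetch error page from untrusted host ${url.host}`);
  }
  return new URL(`/${status}`, url.origin).href;
}

// Constructed stand-in for an incoming Request: the runtime sets request.url
// from the Host header, which is exactly where the untrusted origin enters.
function requestForHost(hostHeader, path = "/missing") {
  return { url: `https://${hostHeader}${path}` };
}

// Returns true if the hardened builder rejected the request.
function rejects(request) {
  try {
    buildErrorPageUrlSafe(request, 404);
    return false;
  } catch {
    return true;
  }
}
```

The same request reaches both builders; only the allowlisted one refuses to turn an unexpected Host value into an outbound fetch.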
Risk and Exploitability
The CVSS base score is 7.5, indicating high severity. The EPSS score is unavailable, so the historical exploitation probability is unknown, but the lack of a KEV listing suggests no widespread known exploitation yet. The likely attack vector is HTTP request manipulation: supplying a crafted Host header on a request to a route that returns an error, or on one that causes an internal error, so that the error-page fetch is performed. An attacker who can control the Host header can force the server to reach an arbitrary host, read its response, and potentially use the data for further attacks such as credential theft or remote code execution on downstream services.
OpenCVE Enrichment
Github GHSA