PYSEC-2026-2479

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/flaskbb/PYSEC-2026-2479.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2479
Aliases
Published
2026-07-13T15:19:10.820662Z
Modified
2026-07-13T16:31:46.478606305Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
FlaskBB: SSRF in get_image_info() via unrestricted avatar URL
Details

Summary

A Server-Side Request Forgery (SSRF) vulnerability in getimageinfo() allows any authenticated user to force the server to send HTTP requests to arbitrary internal endpoints, including cloud metadata services (e.g., AWS 169.254.169.254). This is a blind SSRF with confirmed internal port scanning and internal API triggering capabilities. CVSS 6.5 Medium.

Details

In flaskbb/utils/helpers.py (line 571), the url parameter is passed directly to requests.get(url, stream=True) without any validation of scheme, host, or IP address.

python# flaskbb/utils/helpers.py:571
def get_image_info(url: str):
    r = requests.get(url, timeout=(3.05, 27), stream=True)

Attack chain:

POST /user/settings/user-details (avatar URL)
→ ValidateAvatarURL.validate()    # validators.py:103
→ check_image(avatar)             # helpers.py:628
→ get_image_info(url)             # helpers.py:571
→ requests.get(url)               # No domain/IP restriction
Entry points:

/user/settings/user-details (any authenticated user)
/admin/users/<id>/edit (admin only)

PoC

submit.zip

Log in to FlaskBB as any user Navigate to Settings → User Details Enter http://169.254.169.254/latest/meta-data/ as the avatar URL Submit the form The server sends a GET request to the internal metadata endpoint

Three exploitation channels confirmed:

Server-side request: Captured on mock metadata server Internal port scan: checkimage() returns distinct errors (CONNREFUSED, NOCONTENTLENGTH, TYPENOTALLOWED, SUCCESS) that map internal network topology Internal API triggering: Mock APIs on 127.0.0.1:9200 triggered via SSRF (deploy, shutdown, key dump endpoints)

Impact

Any authenticated user is impacted. Attackers can force the server to request internal services, cloud metadata endpoints, or private network resources. On cloud deployments (AWS/GCP/Azure), IAM credentials can be leaked. In production, any GET-triggered internal service is reachable: CI/CD webhooks, Elasticsearch, etcd, Consul, etc.

References

Affected packages

PyPI / flaskbb

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.2.0

Affected versions

2.*
2.0.0.dev0
2.0.0
2.0.1
2.0.2
2.2.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/flaskbb/PYSEC-2026-2479.yaml"