{
  "resultsPerPage": 1,
  "startIndex": 0,
  "totalResults": 1,
  "format": "NVD_CVE",
  "version": "2.0",
  "timestamp": "2026-04-30T03:17:39.450",
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-2026-27829",
        "sourceIdentifier": "security-advisories@github.com",
        "published": "2026-02-26T01:16:24.390",
        "lastModified": "2026-03-09T20:47:35.170",
        "vulnStatus": "Analyzed",
        "cveTags": [],
        "descriptions": [
          {
            "lang": "en",
            "value": "Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed — the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue."
          },
          {
            "lang": "es",
            "value": "Astro es un framework web. En las versiones 9.0.0 a 9.5.3, un error en la pipeline de imágenes de Astro permite eludir las restricciones de `image.domains` / `image.remotePatterns`, lo que permite al servidor obtener contenido de hosts remotos no autorizados. Astro proporciona una opción `inferSize` que obtiene imágenes remotas en el momento de la renderización para determinar sus dimensiones. La obtención de imágenes remotas está destinada a restringirse a dominios que el desarrollador del sitio ha autorizado manualmente (utilizando las opciones `image.domains` o `image.remotePatterns`). Sin embargo, cuando se utiliza `inferSize`, no se realiza ninguna validación de dominio — la imagen se obtiene de cualquier host independientemente de las restricciones configuradas. Un atacante que puede influir en la URL de la imagen (por ejemplo, a través de contenido de CMS o datos proporcionados por el usuario) puede hacer que el servidor obtenga contenido de hosts arbitrarios. Esto permite eludir las restricciones de `image.domains` / `image.remotePatterns` para realizar peticiones del lado del servidor a hosts no autorizados. Esto incluye el riesgo de falsificación de petición del lado del servidor (SSRF) contra servicios de red internos y puntos finales de metadatos en la nube. La versión 9.5.4 corrige el problema."
          }
        ],
        "metrics": {
          "cvssMetricV31": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "availabilityImpact": "LOW"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 2.5
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "scope": "CHANGED",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "availabilityImpact": "LOW"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 2.7
            }
          ]
        },
        "weaknesses": [
          {
            "source": "security-advisories@github.com",
            "type": "Primary",
            "description": [
              {
                "lang": "en",
                "value": "CWE-918"
              }
            ]
          }
        ],
        "configurations": [
          {
            "nodes": [
              {
                "operator": "OR",
                "negate": false,
                "cpeMatch": [
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:astro:\\@astrojs\\/node:*:*:*:*:*:node.js:*:*",
                    "versionStartIncluding": "9.0.0",
                    "versionEndExcluding": "9.5.4",
                    "matchCriteriaId": "4544AFCE-A719-4079-859C-E356B5871A4C"
                  }
                ]
              }
            ]
          }
        ],
        "references": [
          {
            "url": "https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622c9",
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ]
          },
          {
            "url": "https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2",
            "source": "security-advisories@github.com",
            "tags": [
              "Exploit",
              "Vendor Advisory"
            ]
          }
        ]
      }
    }
  ]
}