CVE-2026-25545
Published: 2026-02-24
Priority: P263 · Severity: high · CVSS 3.1 base score 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Exploit: public template available (see the Nuclei section below)
EPSS: 1.41% (69.4th percentile)
Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. `404.astro` or `500.astro`) are vulnerable to SSRF. If the `Host:` header is changed to an attacker's server, that server is fetched on `/500.html`, and a redirect from it to any internal URL causes the response body to be returned through the first request. An attacker who can reach the application without `Host:` header validation (e.g. by finding the origin IP behind a proxy, or simply by default) can point the fetch at their own server and redirect it to any internal IP, which allows reading cloud metadata endpoints and interacting with services on the internal network or localhost. The vulnerable configuration requires a commonly used feature (a prerendered custom error page) together with direct access to the server (no proxy enforcing the `Host:` header). Version 9.5.4 fixes the issue.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| astro | astrojs_node | < 9.5.4 | 9.5.4 |
| astrojs | node | >= 0 < 9.5.4 | 9.5.4 |
| withastro | astro | < 9.5.4 | 9.5.4 |
Detection & IOCs (extracted from sources)
sigma

```yaml
matchers:
  - type: dsl
    dsl:
      - 'contains(body, "")'
      - 'contains(header, "X-Interactsh-Version")'
      - 'status_code == 404'
    condition: and
```

- Send a GET request to a non-existent path (triggering a 404/500 error page) with a manipulated Host header pointing to an out-of-band interaction server (e.g., oast.me). A successful SSRF is confirmed if the server fetches the attacker-controlled Host and the response contains the X-Interactsh-Version header.
- Monitor for outbound HTTP requests originating from the Astro SSR server process to cloud metadata endpoints (e.g., 169.254.169.254) or internal RFC-1918 addresses, especially when triggered by 404/500 error page rendering.
- Look for anomalous Host header values in incoming requests to Astro SSR applications, particularly requests to paths that trigger prerendered error pages (404.astro, 500.astro) where the Host header does not match the expected application domain.
- Use the Shodan query 'http.component:"Astro"' to identify exposed Astro SSR instances for asset inventory and patch prioritization.
- Exploitation requires direct access to the Astro SSR server without Host header validation by an upstream proxy. Environments behind a reverse proxy that enforces or rewrites the Host header are not vulnerable.
- The vulnerability is only triggered when a prerendered custom error page (404.astro or 500.astro) is configured and served. Applications without custom prerendered error pages are not affected by this specific attack path.
- Both the astro package (fixed in >= 5.17.3) and @astrojs/node (fixed in >= 9.5.4) must be upgraded; the advisory references both packages as affected.
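The mechanism from the description (error-page URL built from `Host:`) next to a pinned, allowlisted variant, plus the Host-mismatch log check the detection notes describe, as an added illustration that is not Astro's or @astrojs/node's own code; the origin, allowlist, function names and log format are assumptions:

```javascript
// Added illustration, not Astro's or @astrojs/node's own code. SITE_ORIGIN,
// ALLOWED_HOSTS, the function names and the log line format are assumptions.

const SITE_ORIGIN = "https://example.com"; // assumed configured public origin
const ALLOWED_HOSTS = new Set(["example.com", "www.example.com"]);

// Vulnerable pattern: the base used to fetch the prerendered error page is
// rebuilt from the request's Host header, so the fetch goes wherever Host points
// (and a redirect served there can steer it to an internal address).
function buildStatusUrlVulnerable(hostHeader, status) {
  return new URL(`/${status}.html`, `https://${hostHeader}`).href;
}

// Hardened: accept only known hostnames (case-folded, optional port stripped)...
function validateHost(hostHeader) {
  if (typeof hostHeader !== "string") return false;
  const hostname = hostHeader.toLowerCase().replace(/:\d+$/, "");
  return ALLOWED_HOSTS.has(hostname);
}

// ...and build the error-page URL from the configured origin, never from the request.
function buildStatusUrlHardened(hostHeader, status) {
  if (!validateHost(hostHeader)) {
    throw new Error(`unexpected Host header: ${String(hostHeader)}`);
  }
  return new URL(`/${status}.html`, SITE_ORIGIN).href;
}

// Detection over access-log lines of the assumed form
//   "<status> <method> <path> host=<Host header>"
// returns the lines where a 404/500 was served for a Host outside the allowlist.
function findSuspiciousErrorRequests(logLines) {
  const re = /^(\d{3}) (\S+) (\S+) host=(\S+)$/;
  return logLines.filter((line) => {
    const m = re.exec(line);
    if (!m) return false;
    const status = Number(m[1]);
    return (status === 404 || status === 500) && !validateHost(m[4]);
  });
}

// Constructed sample log lines, not real traffic.
const SAMPLE_LOG = [
  "200 GET / host=example.com",
  "404 GET /missing host=www.example.com",
  "404 GET /does-not-exist host=unexpected.example.net",
  "500 GET /boom host=203.0.113.7:8080",
];
```

A reverse proxy that rewrites `Host:` to the canonical domain gives the same effect as `validateHost` for deployments where the origin is not directly reachable.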
CVSS provenance
- NVD, CVSS v3.1: 8.6 HIGH, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- NVD, CVSS v4.0: 6.9 MEDIUM, vector CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
OSV (2026-02-23): CVE-2026-25545 [MEDIUM] Astro has Full-Read SSRF in error rendering via Host: header injection
### Summary
Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. `404.astro` or `500.astro`) are vulnerable to SSRF. If the `Host:` header is changed to an attacker's server, it will be fetched on `/500.html` and they can redirect this to any internal URL to read the response body through the first request.
### Details
The following line of code fetches `statusURL` and returns the response back to the client:
https://github.com/withastro/astro/blob/bf0b4bfc7439ddc565f61a62037880e4e701eb05/packages/astro/src/core/app/base.ts#L534
`statusURL` comes from `this.baseWithoutTrailingSlash`, which [is built from the `Host:` header](https://github.com/withastro/astro/blob/e5e3208ee5041a
GHSA (2026-02-23): CVE-2026-25545 [MEDIUM] CWE-918 Astro has Full-Read SSRF in error rendering via Host: header injection
Nuclei (CVSS 6.9): CVE-2026-25545 [MEDIUM] Astro SSR - Server-Side Request Forgery
Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources.
Template:

```yaml
id: CVE-2026-25545
info:
  name: Astro SSR - Server-Side Request Forgery
  author: ritikchaddha
  severity: high
  description: |
    Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources.
  impact: |
    Full-read SSRF allowing access to internal services, cloud metadata endpoints (AWS/GCP/Azure IMDS), environment files, and any host reachable from the server.
  remediation: |
    Up
```