CVEFinder.io

CVE-2026-30118

🔶 medium
🔍 Scan for this CVE
Summary

scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to authentication cookies and headers exposure and possible privilege escalation.

CVSS Score
-
EPSS Score
-
Published Date
2026-05-19
First Seen: 2026-05-20
Last Modified 2026-05-19
Source NVD 🔗

📦 Affected Products 0

No affected products information available

🔗 References 1

https://github.com/prassan10/ssrf-zero-click-ato-scalar