VYPR
Critical severityGHSA Advisory· Published May 19, 2026

rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

CVE-2026-45568

Description

Summary

Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response to Bob.

Details

The Python SDK proxy route accepts every path under the share:

@app.route('/', defaults={'path': ''}, methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'])
@app.route('/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'])
def proxy(path):

It constructs the outbound URL with urljoin and then sends the request:

url = urllib.parse.urljoin(self.target, path)
resp = requests.request(
    method=request.method,
    url=url,
    headers={key: value for (key, value) in request.headers
             if key.lower() not in HOP_BY_HOP_HEADERS},
    data=request.get_data(),
    cookies=request.cookies,
    allow_redirects=False,
    stream=True,
    verify=self.verify_ssl
)

When path is `http://127.0.0.1:19190/metadata`, urljoin(self.target, path) returns `http://127.0.0.1:19190/metadata`. The proxy sends the request to Bob's chosen URL rather than Alice's target.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
zrokPyPI
>= 0.4.47, <= 1.1.11

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.