VYPR
Medium severity (CVSS 6.5) · GHSA Advisory · Published May 21, 2026 · Updated May 21, 2026

FlaskBB: SSRF in get_image_info() via unrestricted avatar URL

CVE-2026-46556

Description

Summary

A Server-Side Request Forgery (SSRF) vulnerability in get_image_info() allows any authenticated user to force the server to send HTTP requests to arbitrary internal endpoints, including cloud metadata services (e.g., AWS 169.254.169.254). This is a blind SSRF with confirmed internal port scanning and internal API triggering capabilities. CVSS 6.5 Medium.

Details

In flaskbb/utils/helpers.py (line 571), the url parameter is passed directly to requests.get(url, stream=True) without any validation of scheme, host, or IP address.

```python
# flaskbb/utils/helpers.py:571
import requests

def get_image_info(url: str):
    # url is the user-supplied avatar URL; no scheme, host or IP check precedes the request
    r = requests.get(url, timeout=(3.05, 27), stream=True)
```

Attack chain:

POST /user/settings/user-details (avatar URL)
→ ValidateAvatarURL.validate()    # validators.py:103
→ check_image(avatar)             # helpers.py:628
→ get_image_info(url)             # helpers.py:571
→ requests.get(url)               # No domain/IP restriction

Entry points:

/user/settings/user-details (any authenticated user)
/admin/users//edit (admin only)

PoC (attachment: submit.zip)

1. Log in to FlaskBB as any user
2. Navigate to Settings → User Details
3. Enter http://169.254.169.254/latest/meta-data/ as the avatar URL
4. Submit the form
5. The server sends a GET request to the internal metadata endpoint

Three exploitation channels confirmed:

- Server-side request: captured on a mock metadata server
- Internal port scan: check_image() returns distinct errors (CONN_REFUSED, NO_CONTENT_LENGTH, TYPE_NOT_ALLOWED, SUCCESS) that map internal network topology
- Internal API triggering: mock APIs on 127.0.0.1:9200 triggered via SSRF (deploy, shutdown, key dump endpoints)

Impact

Any authenticated user is impacted. Attackers can force the server to request internal services, cloud metadata endpoints, or private network resources. On cloud deployments (AWS/GCP/Azure), IAM credentials can be leaked. In production, any GET-triggered internal service is reachable: CI/CD webhooks, Elasticsearch, etcd, Consul, etc.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated SSRF in FlaskBB avatar handler lets attackers reach cloud metadata and internal services.

Vulnerability

CVE-2026-46556 is a Server-Side Request Forgery (SSRF) vulnerability in the FlaskBB forum software, specifically in the get_image_info() function located in flaskbb/utils/helpers.py at line 571. The function accepts a user-supplied URL and passes it directly to requests.get(url, stream=True) without any validation of the scheme, host, or IP address [1]. This lack of sanitization allows an attacker to force the server to make HTTP requests to arbitrary internal or external destinations.

Exploitation

The primary attack vector is through the user avatar URL setting. Any authenticated user can navigate to /user/settings/user-details and enter an arbitrary URL as the avatar URL [1]. The application then calls ValidateAvatarURL.validate() and check_image(), which ultimately invokes get_image_info() with the attacker-controlled URL. An attacker could enter http://169.254.169.254/latest/meta-data/ to target cloud metadata services. A second entry point exists in the admin panel (/admin/users//edit), but exploitation requires nothing more than any valid user account [2]. Confirmed exploitation channels include blind SSRF, internal port scanning via distinct error messages (e.g., CONN_REFUSED, NO_CONTENT_LENGTH), and triggering internal APIs (e.g., on 127.0.0.1:9200) [1].

Impact

A successful attack allows an authenticated user to force the server to probe and interact with internal network resources. In cloud environments (AWS, GCP, Azure), this can lead to the exfiltration of IAM credentials from instance metadata services. In production, the attacker may reach other internal HTTP-based services such as CI/CD webhooks, Elasticsearch, etcd, or Consul APIs [2]. The vulnerability is classified as CWE-918 and has a CVSS score of 6.5 (Medium).

Mitigation

As of the publication date, no patch has been released. The advisory recommends implementing strict validation of the URL scheme and host, such as blocking private IP ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and 169.254.0.0/16) and disallowing access to loopback addresses [2]. Until a fix is applied, affected instances should be isolated from sensitive internal networks or the avatar URL feature should be disabled.
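The following is an added example written for this page, not FlaskBB's code and not a patch from the project. It shows the validation the Details and Mitigation sections describe as a replacement for the unchecked requests.get(url) call: only http/https on ports 80/443 are accepted, embedded credentials are rejected, IP literals (including IPv4-mapped IPv6) are checked directly, and hostnames are resolved so that every answer must be a globally routable unicast address, which excludes RFC 1918 space, loopback, 169.254.0.0/16 (the metadata address) and similar ranges. Every refusal uses the same message, which removes the distinct-error oracle the PoC section uses for port scanning. The names validate_fetch_url, avatar_url_error, resolve_all and fake_resolver are hypothetical; the DNS table is constructed so the example runs offline.

```python
"""Added example: hardened avatar URL validation (hypothetical, not FlaskBB's code)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}
GENERIC_ERROR = "invalid avatar URL"   # one message for every failure: no port-scan oracle


class UnsafeURL(ValueError):
    """Raised for any URL the server refuses to fetch."""


def _is_public_ip(ip):
    """True only for globally routable unicast addresses.

    ipaddress treats RFC 1918, loopback, link-local (169.254/16, hence the cloud
    metadata address), CGNAT and the unspecified/reserved ranges as non-global;
    multicast is excluded separately and IPv4-mapped IPv6 is unwrapped first.
    """
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def resolve_all(host):
    """Every A/AAAA answer for host (hypothetical helper, injectable for tests)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def validate_fetch_url(url, resolver=resolve_all):
    """Return the resolved address list if url is safe to fetch, else raise UnsafeURL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(GENERIC_ERROR)
    # reject empty hosts and embedded credentials (http:///path, http://user:pw@host)
    if not parts.hostname or parts.username is not None or parts.password is not None:
        raise UnsafeURL(GENERIC_ERROR)
    try:
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    except ValueError:                     # non-numeric or out-of-range port
        raise UnsafeURL(GENERIC_ERROR)
    if port not in ALLOWED_PORTS:
        raise UnsafeURL(GENERIC_ERROR)
    try:                                   # IP literal: check it directly
        addrs = [ipaddress.ip_address(parts.hostname)]
    except ValueError:                     # hostname: every DNS answer must be public
        try:
            addrs = resolver(parts.hostname)
        except (socket.gaierror, UnicodeError, OSError):
            raise UnsafeURL(GENERIC_ERROR)
    if not addrs or not all(_is_public_ip(a) for a in addrs):
        raise UnsafeURL(GENERIC_ERROR)
    return addrs


def avatar_url_error(url, resolver=resolve_all):
    """Form-level check: None when the URL may be fetched, otherwise the generic message."""
    try:
        validate_fetch_url(url, resolver)
    except UnsafeURL as exc:
        return str(exc)
    return None


# Constructed DNS table for an offline demonstration; no real lookups are made.
_FAKE_DNS = {
    "cdn.example": [ipaddress.ip_address("93.184.216.34")],          # public
    "intranet.example": [ipaddress.ip_address("10.0.0.5")],          # RFC 1918
    "rebind.example": [ipaddress.ip_address("93.184.216.34"),
                       ipaddress.ip_address("127.0.0.1")],           # mixed answers
}


def fake_resolver(host):
    if host not in _FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return _FAKE_DNS[host]


if __name__ == "__main__":
    for candidate in ("https://cdn.example/avatar.png",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://intranet.example/",
                      "http://rebind.example/",
                      "http://[::ffff:169.254.169.254]/",
                      "ftp://cdn.example/avatar.png",
                      "http://cdn.example:9200/avatar.png"):
        print(f"{candidate:48} -> {avatar_url_error(candidate, fake_resolver) or 'allowed'}")
```

validate_fetch_url returns the addresses it approved rather than only a boolean because a resolve-then-fetch sequence still leaves a DNS rebinding window: the fetch should connect to one of the returned addresses (or re-apply the check at connect time) instead of resolving the hostname a second time. Redirects need the same treatment, since requests follows them by default and a public host can redirect to an internal address.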

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • Flaskbb/Flaskbb (GHSA): 2 versions, <= 2.2.0 and 1 more
    • (no CPE) range: <= 2.2.0
    • (no CPE)

Patches (0)

No patches discovered yet.


References (2)
