Astro: Host header SSRF in prerendered error page fetch
Description
Astro SSR apps with prerendered 404/500 pages are vulnerable to Host header SSRF, allowing attackers to read responses from arbitrary hosts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Astro SSR deployments using createRequestFromNodeRequest from astro/app/node with app.render() and having a prerendered /404 or /500 page are vulnerable to a server-side request forgery (SSRF) because the Host header is not validated against allowedDomains when constructing the URL for fetching these error pages at runtime. The internal builder createRequestFromNodeRequest builds request.url from the raw Host or :authority header, and the allowedDomains option only gates X-Forwarded-For, not the URL origin. This affects versions prior to the fix; @astrojs/node >= 9.5.4, @astrojs/cloudflare, and the dev server are not affected. [1]
Exploitation
An attacker sends a request with a malicious Host header (e.g., Host: attacker-host:port) to the vulnerable Astro SSR server, targeting a nonexistent path to trigger a 404 error. Because the server has a prerendered 404 page, app.render() constructs the error page URL using the origin from request.url (derived from the attacker-controlled Host header) and fetches it via the default prerenderedErrorPageFetch (global fetch). The response from the attacker-controlled host is then served to the client. [1]
Impact
A successful exploit allows an SSRF attack in which the attacker reads the response from an arbitrary host, potentially reaching internal services or sensitive information that only the server can reach. The attacker also controls the response body that is reflected to the client, which could be used for further attacks such as XSS or data exfiltration. [1]
Mitigation
The vulnerability is patched in Astro versions where the error page fetch origin is now validated against allowedDomains before use. When the host is validated, the original origin is preserved; otherwise, it falls back to localhost. The fetch is also wrapped in a try/catch to degrade gracefully. Users should update to the latest version of @astrojs/node (>=9.5.4) or configure their custom adapters accordingly. No KEV listing is noted. [1]
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE. Vulnerability mechanics are only generated when we can read the actual fix diff; without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (2)
News mentions (0)
No linked articles in our index yet.