{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33769", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T18:30:14.127Z", "datePublished": "2026-03-24T18:44:29.169Z", "dateUpdated": "2026-03-24T20:13:25.845Z"}, "containers": {"cna": {"title": "Astro: Remote allowlist bypass via unanchored matchPathname wildcard", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/withastro/astro/security/advisories/GHSA-g735-7g2w-hh3f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/withastro/astro/security/advisories/GHSA-g735-7g2w-hh3f"}], "affected": [{"vendor": "withastro", "product": "astro", "versions": [{"version": ">= 2.10.10, < 5.18.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T18:44:29.169Z"}, "descriptions": [{"lang": "en", "value": "Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for /* wildcards is unanchored, so a pathname that contains the allowed prefix later in the path can still match. As a result, an attacker can fetch paths outside the intended allowlisted prefix on an otherwise allowed host. This issue has been patched in version 5.18.1."}], "source": {"advisory": "GHSA-g735-7g2w-hh3f", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T20:13:00.226310Z", "id": "CVE-2026-33769", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T20:13:25.845Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33769", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T20:13:00.226310Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T20:13:11.332Z"}}], "cna": {"title": "Astro: Remote allowlist bypass via unanchored matchPathname wildcard", "source": {"advisory": "GHSA-g735-7g2w-hh3f", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.9, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "withastro", "product": "astro", "versions": [{"status": "affected", "version": ">= 2.10.10, < 5.18.1"}]}], "references": [{"url": "https://github.com/withastro/astro/security/advisories/GHSA-g735-7g2w-hh3f", "name": "https://github.com/withastro/astro/security/advisories/GHSA-g735-7g2w-hh3f", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for /* wildcards is unanchored, so a pathname that contains the allowed prefix later in the path can still match. As a result, an attacker can fetch paths outside the intended allowlisted prefix on an otherwise allowed host. This issue has been patched in version 5.18.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T18:44:29.169Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33769", "state": "PUBLISHED", "dateUpdated": "2026-03-24T20:13:25.845Z", "dateReserved": "2026-03-23T18:30:14.127Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-24T18:44:29.169Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for /* wildcards is unanchored, so a pathname that contains the allowed prefix later in the path can still match. As a result, an attacker can fetch paths outside the intended allowlisted prefix on an otherwise allowed host. This issue has been patched in version 5.18.1."}, {"lang": "es", "value": "Astro es un framework web. Desde la versi\u00f3n 2.10.10 hasta antes de la versi\u00f3n 5.18.1, este problema concierne la aplicaci\u00f3n de rutas de remotePatterns de Astro para URLs remotas utilizadas por capturadores del lado del servidor, como el endpoint de optimizaci\u00f3n de im\u00e1genes. La l\u00f3gica de coincidencia de rutas para comodines /* no est\u00e1 anclada, por lo que un nombre de ruta que contenga el prefijo permitido m\u00e1s adelante en la ruta a\u00fan puede coincidir. Como resultado, un atacante puede obtener rutas fuera del prefijo permitido previsto en un host que de otro modo estar\u00eda permitido. Este problema ha sido parcheado en la versi\u00f3n 5.18.1."}], "id": "CVE-2026-33769", "lastModified": "2026-03-25T15:41:58.280", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-24T19:16:55.837", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/withastro/astro/security/advisories/GHSA-g735-7g2w-hh3f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.10.10,5.18.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "astro", "source": "cna", "vendor": "withastro"}, "product": "astro", "vendor": "withastro"}], "analysis": {"en": {"generated_at": "2026-03-24T21:05:44.332651+00:00", "value": {"mitigation_remediation": ["Upgrade Astro to version 5.18.1 or later", "If upgrading is not immediately possible, revise the remotePatterns configuration to eliminate wildcard prefixes or otherwise restrict the allowed pathname", "Disable the image optimization endpoint or any server\u2011side fetch functionality if it is not required by the application", "Verify that no untrusted remote URLs are processed through the affected endpoints and monitor traffic for suspicious fetch activity"], "summary": {"action": "Apply Patch", "impact": "Unauthorized content fetch via wildcard bypass"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the withastro:astro framework in releases from version 2.10.10 up to, but not including, version 5.18.1. Any installation of these releases that configures remotePatterns to permit wildcard prefixes is susceptible.", "description_and_impact": "Astro\u2019s server\u2011side fetchers, such as the image optimization endpoint, use a configuration option called remotePatterns to control which remote URLs may be fetched. For a path wildcard of the form /* the matching logic is unanchored, meaning that a pathname which only contains the allowed prefix later in the path still satisfies the pattern. Consequently, an attacker can supply a URL that points to a host that is otherwise allowed but whose path includes the allowed prefix as a suffix, allowing the server to retrieve any resource on that host. This increases the risk of unintended data exposure or inadvertent execution of malicious resources.", "risk_and_exploitability": "The CVSS score of 2.9 indicates a low severity rating. No EPSS score is available, and the issue is not listed in the CISA KEV catalog. The flaw can be exercised remotely without requiring authentication by sending a request that triggers the image optimization endpoint with a malicious remote URL. The primary consequence is the ability to retrieve arbitrary files from an otherwise allowed host, which could aid other attacks if the fetched content is subsequently executed or processed."}}}}, "created": "2026-03-25T11:46:30.520127+00:00", "updated": "2026-03-25T20:57:56.284066+00:00", "vendors": ["withastro", "withastro$PRODUCT$astro"]}