Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-40072

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

7.2CVSS5.7AI score0.00228EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/06/05 9:5 a.m.98 views

Exploit for Server-Side Request Forgery in Apeworx Web3.Py

CVE-2026-40072 SSRF Lab Hands-on local lab to demonstrate CVE...

7.2CVSS5.5AI score0.00228EPSS
Exploits2
Veracode
Veracode
added 2026/04/18 5:36 a.m.6 views

Server-Side Request Forgery (SSRF)

web3.py is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to web3.py directly processing contract-supplied URLs in its CCIP Read/OffchainLookup EIP-3668 implementation without validating the destination, which allows an attacker to craft a malicious smart contract that...

7.2CVSS6AI score0.00228EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2026/04/09 6:17 p.m.6 views

CVE-2026-40072

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

7.2CVSS0.00228EPSS
Exploits2References2
OSV
OSV
added 2026/04/09 5:41 p.m.2 views

CVE-2026-40072 web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS6.1AI score0.00228EPSS
Exploits2References4
CVE
CVE
added 2026/04/09 5:41 p.m.28 views

CVE-2026-40072

CVE-2026-40072 – SSRF via CCIP Read in web3.py Affected: web3.py (Python library) versions 6.0.0b3 through before 7.15.0 and 8.0.0b2. The CCIP Read / OffchainLookup (EIP-3668) implementation fetches URLs supplied by contracts without destination validation and with default-on exposure (global_cci...

7.2CVSS6AI score0.00228EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 5:41 p.m.1 views

CVE-2026-40072

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS6AI score0.00228EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/04/09 5:41 p.m.25 views

CVE-2026-40072 web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS0.00228EPSS
Exploits2References2
EUVD
EUVD
added 2026/04/09 5:41 p.m.7 views

EUVD-2026-21000

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS6AI score0.00228EPSS
Exploits2References2
OSV
OSV
added 2026/04/04 6:38 a.m.22 views

GHSA-5HR4-253G-CPX2 web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling

Summary web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these contract-supplied URLs directly after sender / data template substitution without any destination validation...

7.2CVSS6AI score0.00228EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2026/04/04 6:38 a.m.21 views

web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling

Summary web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these contract-supplied URLs directly after sender / data template substitution without any destination validation...

7.2CVSS6AI score0.00228EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.14 views

PT-2026-31674

Name of the Vulnerable Software and Affected Versions web3.py versions 6.0.0b3 through 7.15.0 web3.py versions 6.0.0b3 through 8.0.0b2 Description web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in the offchain lookup...

7.2CVSS6AI score0.00228EPSS
Exploits2References6
Rows per page
Query Builder