CVE-2026-41321 @astrojs/cloudflare: SSRF via redirect following in Cloudflare image-binding-transform endpoint

@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP...

CVE-2026-41321 @astrojs/cloudflare: SSRF via redirect following in Cloudflare image-binding-transform endpoint

@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP...

GHSA-88GM-J2WX-58H6 Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)

Summary The fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts line 28 uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed domain allowlist chec...

PT-2026-34823

Summary The fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts line 28 uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed domain allowlist chec...

opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

EUVD-2025-28804

Malicious code in bioql PyPI...

CVE-2025-8723

The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hookrestpredispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...

Exploit for CVE-2025-8723

⚡️ Cloudflare Image Resizing Description: The plugin'...

CVE-2025-8723

The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hookrestpredispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...

CVE-2025-8723

CVE-2025-8723 affects the Cloudflare Image Resizing plugin for WordPress. The vulnerability arises from missing authentication and insufficient sanitization in the hook_rest_pre_dispatch() method, affecting all versions up to and including 1.5.6. This enables unauthenticated attackers to inject a...

CVE-2025-8723 Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook

The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hookrestpredispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...

CVE-2025-8723 Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook

The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hookrestpredispatch method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject...

WordPress plugin Cloudflare Image Resizing 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2025-33714

Name of the Vulnerable Software and Affected Versions: Cloudflare Image Resizing plugin for WordPress versions up to and including 1.5.6 Description: The Cloudflare Image Resizing plugin for WordPress is susceptible to Remote Code Execution RCE due to missing authentication and insufficient...

WordPress Cloudflare Image Resizing plugin <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook vulnerability

Missing Authentication to Unauthenticated Remote Code Execution via restpredispatch Hook vulnerability discovered by kr0d in WordPress Plugin Cloudflare Image Resizing versions = 1.5.6...