4 matches found

Source: CVE
Added 2026/02/26 12:36 a.m.

CVE-2026-27829

Astro versions 9.0.0–9.5.3 contain a bug in the image pipeline where inferSize fetches remote images at render time without validating domains, allowing SSRF by fetching from arbitrary hosts despite image.domains/image.remotePatterns restrictions. An attacker who can influence the image URL (e.g....

CVSS 7.2 | AI score 5.7 | EPSS 0.00076
Exploits: 1 | References: 2 | Affected software: 1

Source: Cvelist
Added 2026/02/26 12:36 a.m.

CVE-2026-27829 Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...

CVSS 6.5 | EPSS 0.00076
Exploits: 1 | References: 2

Source: OSV
Added 2026/02/25 6:11 p.m.

GHSA-CJ9F-H6R6-4CX2 Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Summary: A bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Details: Astro provides an inferSize option that fetches remote images at render time to determine their dimensions. Remo...

CVSS 6.5 | AI score 5.9 | EPSS 0.00076
Exploits: 1 | References: 4

Source: Github Security Blog
Added 2026/02/25 6:11 p.m.

Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Summary: A bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Details: Astro provides an inferSize option that fetches remote images at render time to determine their dimensions. Remo...

CVSS 7.2 | AI score 5.8 | EPSS 0.00076
Exploits: 1 | References: 4 | Affected software: 1