Server-side Request Forgery (SSRF)

Overview rembg is a Remove image background Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /api/remove endpoint, which accepts a URL parameter and fetches external resources. An attacker can access internal network resources and retrieve sensitive ima...

adversarial-attacks-white-black-box (=0.1.7), datagenkit (=0.1.1) +37 more potentially affected by unknown CVE via rembg (>=2.0.57 <=2.0.69)

rembg PYPI version =2.0.57, =0.0.3, =1.0.0, =1.9.2, =5.1.6, =2.12.0, =1.0.0, =0.1.0, =1.0.3, =0.0.7, =2.0.0, =1.0.0, =1.0.0, =1.0.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-55V6-G8PM-PW4C...

GHSA-55V6-G8PM-PW4C rembg server is vulnerable to Server-Side Request Forgery (SSRF) and a weak default CORS configuration

GitHub Security Lab GHSL Vulnerability Report, rembg: GHSL-2024-161, GHSL-2024-162 The GitHub Security Lab team has identified potential security vulnerabilities in rembg. We are committed to working with you to help resolve these issues. In this report you will find everything you need to...

adversarial-attacks-white-black-box (=0.1.7), datagenkit (=0.1.1) +37 more potentially affected by unknown CVE via rembg (>=2.0.57 <=2.0.69)

rembg PYPI version =2.0.57, =0.0.3, =1.0.0, =1.9.2, =5.1.6, =2.12.0, =1.0.0, =0.1.0, =1.0.3, =0.0.7, =2.0.0, =1.0.0, =1.0.0, =1.0.4 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-REMBG-15990989...

Rembg has a Path Traversal via Custom Model Loading

Summary A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...

adversarial-attacks-white-black-box (=0.1.7), datagenkit (=0.1.1) +37 more potentially affected by CVE-2026-40086 via rembg (>=2.0.57 <=2.0.69)

rembg PYPI version =2.0.57, =0.0.3, =1.0.0, =1.9.2, =5.1.6, =2.12.0, =1.0.0, =0.1.0, =1.0.3, =0.0.7, =2.0.0, =1.0.0, =1.0.0, =1.0.4 and more Source cves: CVE-2026-40086 Source advisory: OSV:GHSA-3WQJ-33CG-XC48...

GHSA-3WQJ-33CG-XC48 Rembg has a Path Traversal via Custom Model Loading

Summary A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...

CVE-2026-40086

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can...

Directory Traversal

Overview rembg is a Remove image background Affected versions of this package are vulnerable to Directory Traversal via the modelpath parameter in the HTTP server for custom model types u2netcustom, discustom, bencustom. An attacker can access arbitrary files on the server's filesystem by sending...

adversarial-attacks-white-black-box (=0.1.7), datagenkit (=0.1.1) +37 more potentially affected by CVE-2026-40086 via rembg (>=2.0.57 <=2.0.69)

rembg PYPI version =2.0.57, =0.0.3, =1.0.0, =1.9.2, =5.1.6, =2.12.0, =1.0.0, =0.1.0, =1.0.3, =0.0.7, =2.0.0, =1.0.0, =1.0.0, =1.0.4 and more Source cves: CVE-2026-40086 Source advisory: SNYK:PYTHON-REMBG-15969263...

CVE-2026-40086 Rembg has a Path Traversal via Custom Model Loading

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can...

CVE-2026-40086

Rembg: Path traversal in the HTTP server allows unauthenticated remote attackers to read arbitrary files via a crafted model_path parameter. Affected versions are prior to 2.0.75; the issue can reveal file existence, permissions, and potentially contents through error messages. The vulnerability ...

CVE-2026-40086

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can...

CVE-2026-40086 Rembg has a Path Traversal via Custom Model Loading

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can...

PT-2026-31984

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model path parameter, an attacker can...

Rembg 安全漏洞

Rembg is a tool developed by Daniel Gatis for deleting image backgrounds. Versions of Rembg prior to 2.0.75 contained security vulnerabilities, which were caused by insufficient validation of the HTTP server’s modelpath parameter, potentially allowing path traversal attacks...

EUVD-2025-6006

Malicious code in bioql PyPI...

EUVD-2025-6008

Malicious code in bioql PyPI...

Origin Validation Error

Rembg is vulnerable to Origin Validation Error. The vulnerability is due to improper CORS middleware configuration, which reflects all origins and sets allowcredentials to True, allowing any website to send authenticated cross-site requests to the Rembg server...

Server Side Request Forgery (SSRF)

Rembg is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs, allowing an attacker to request internal network resources via the /api/remove endpoint...