5 matches found
EUVD-2026-14984
Astro: Remote allowlist bypass via unanchored matchPathname wildcard...
CVE-2026-33769
Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...
CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard
Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...
CVE-2026-33769
CVE-2026-33769 affects the Astro web framework. From version 2.10.10 up to before 5.18.1, the remotePatterns path enforcement for remote URLs used by server-side fetchers (e.g., image optimization) uses an unanchored match for /* wildcards, allowing a pathname containing the allowed prefix later ...
PT-2026-27488
Name of the Vulnerable Software and Affected Versions Astro versions 2.10.10 through 5.18.0 Description Astro’s remotePatterns path enforcement for remote URLs used by server-side fetchers, such as the image optimization endpoint, is affected by an issue. The path matching logic for / wildcards i...