rendertron is vulnerable to sever-side request forgery (SSRF). The vulnerability exists as it allows the headless chrome to access the internal domains, forcing the rendertron headless chrome process to render internal sites and display the response as a screenshot.