CVE-2026-25493 Overview
CVE-2026-25493 is a Server-Side Request Forgery (SSRF) vulnerability affecting Craft CMS, a popular platform for creating digital experiences. The vulnerability exists in the saveAsset GraphQL mutation, which performs initial validation of URL hostnames and resolved IP addresses against a blocklist. However, because the underlying Guzzle HTTP client follows HTTP redirects by default, an attacker can bypass all SSRF protections by hosting a malicious redirect that points to cloud metadata endpoints or internal IP addresses.
Critical Impact
Attackers can bypass SSRF protections to access cloud metadata services (such as AWS IMDSv1 at 169.254.169.254), internal network resources, and sensitive configuration data that should be inaccessible from external requests.
Affected Products
- Craft CMS versions 4.0.0-RC1 through 4.16.17
- Craft CMS versions 5.0.0-RC1 through 5.8.21
Discovery Timeline
- 2026-02-09 - CVE-2026-25493 published to NVD
- 2026-02-09 - Last updated in NVD database
Technical Details for CVE-2026-25493
Vulnerability Analysis
This SSRF vulnerability (CWE-918) stems from a flaw in how Craft CMS validates URLs before making server-side HTTP requests. The saveAsset GraphQL mutation implements URL validation that checks the initial hostname and its resolved IP address against a blocklist of restricted addresses. This blocklist typically includes private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and cloud metadata service addresses (169.254.169.254).
The critical oversight is that while the initial URL is validated, the Guzzle HTTP client library follows HTTP redirects automatically. An attacker can host a benign-looking URL on an external server that passes validation, but when requested, returns an HTTP 301/302 redirect response pointing to a forbidden internal resource. Since the redirect target is never validated against the blocklist, the server dutifully follows the redirect and fetches the restricted resource.
Root Cause
The root cause is insufficient validation of redirect destinations in the URL fetching logic. The SSRF protection only validates the initial request URL but fails to account for Guzzle's default behavior of automatically following HTTP redirects (up to 5 redirects by default). This creates a Time-of-Check Time-of-Use (TOCTOU) style vulnerability where the validated URL differs from the actually fetched resource.
Attack Vector
An attacker can exploit this vulnerability through the following attack chain:
- The attacker sets up an external web server under their control
- The attacker configures the server to respond with an HTTP 302 redirect to a forbidden target (e.g., http://169.254.169.254/latest/meta-data/iam/security-credentials/)
- The attacker submits a saveAsset GraphQL mutation with their external URL
- Craft CMS validates the external URL against the blocklist - it passes because the hostname resolves to a public IP
- Guzzle makes the HTTP request and receives the redirect response
- Guzzle automatically follows the redirect to the cloud metadata endpoint
- The attacker receives sensitive cloud credentials or internal data through the asset saving response
This technique is particularly dangerous in cloud environments where the instance metadata service can expose IAM credentials, API keys, and other sensitive configuration data.
Detection Methods for CVE-2026-25493
Indicators of Compromise
- Unexpected outbound HTTP requests from your Craft CMS server to internal IP ranges (10.x.x.x, 172.16.x.x-172.31.x.x, 192.168.x.x)
- HTTP requests to cloud metadata endpoints (169.254.169.254) originating from the web application process
- GraphQL mutation logs showing saveAsset operations with unusual external URLs
- Error logs indicating connection attempts to internal services that shouldn't be accessible
Detection Strategies
- Implement network monitoring to detect HTTP requests to private IP ranges and cloud metadata services from your web application servers
- Enable and review GraphQL query logging in Craft CMS to identify suspicious saveAsset mutation patterns
- Deploy web application firewalls (WAF) with rules to block SSRF-related patterns in GraphQL requests
- Monitor for unusual redirect chains in outbound HTTP traffic from your application servers
Monitoring Recommendations
- Configure alerting for any outbound connections from Craft CMS to the AWS/GCP/Azure metadata IP addresses (169.254.169.254, 169.254.170.2)
- Implement egress filtering and logging to track all outbound HTTP requests made by the application
- Review Craft CMS access logs for GraphQL endpoint activity with high frequency or unusual patterns
How to Mitigate CVE-2026-25493
Immediate Actions Required
- Upgrade Craft CMS 4.x installations to version 4.16.18 or later immediately
- Upgrade Craft CMS 5.x installations to version 5.8.22 or later immediately
- If unable to upgrade immediately, disable GraphQL API access or restrict it to authenticated administrators only
- Implement network-level egress filtering to block requests to internal IP ranges and metadata services
Patch Information
Craft CMS has released security patches in versions 4.16.18 and 5.8.22 that address this vulnerability. The fix validates redirect destinations against the same blocklist used for initial URL validation, preventing attackers from using redirects to bypass SSRF protections.
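To illustrate the root cause above and the class of fix described here, the following is an added example (not Craft CMS's or Guzzle's own code) of a Guzzle client that applies the same blocklist check to every redirect hop that it applies to the initial URL. The function names are my own, and it assumes guzzlehttp/guzzle 7 installed via Composer.

```php
<?php
// Added example, not Craft CMS or Guzzle code. Assumes guzzlehttp/guzzle 7.
require 'vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\Psr7\Uri;
use Psr\Http\Message\UriInterface;

// True only if the host is public: a literal IP, or every resolved A record,
// must fall outside private (10/8, 172.16/12, 192.168/16) and reserved ranges;
// PHP's reserved ranges include 127/8 and 169.254/16, so 169.254.169.254 is
// rejected. Only IPv4 is checked; add AAAA records via dns_get_record() for IPv6.
function isAllowedHost(string $host): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false
        ? [$host]
        : (gethostbynamel($host) ?: []);
    if ($ips === []) {
        return false; // unresolvable names are rejected, not waved through
    }
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

// Rejects anything that is not http(s) to a public host.
function assertAllowedUri(UriInterface $uri): void
{
    if (!in_array($uri->getScheme(), ['http', 'https'], true)
        || !isAllowedHost($uri->getHost())) {
        throw new \RuntimeException("Blocked URL: $uri");
    }
}

// Checks the initial URL (as the vulnerable code did) and every redirect
// target (as it did not) before Guzzle is allowed to follow it.
function fetchWithRedirectChecks(string $url): string
{
    assertAllowedUri(new Uri($url));
    $client = new Client(['timeout' => 10]);
    $response = $client->get($url, [
        'allow_redirects' => [
            'max' => 5,
            // Guzzle calls on_redirect before following each hop; throwing
            // here aborts the chain instead of fetching the redirect target.
            'on_redirect' => function ($req, $res, UriInterface $next): void {
                assertAllowedUri($next);
            },
        ],
    ]);
    return (string) $response->getBody();
}
```

Because the hostname is resolved once for the check and again by Guzzle for the connection, a DNS rebinding window remains; pinning the connection to the checked IP or adding network-level egress filtering closes it.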
For detailed patch information, see:
Workarounds
- Disable the GraphQL API entirely if not required by setting enableGql to false in your general config
- Restrict GraphQL API access to trusted networks or authenticated users only using Craft's built-in permissions
- Implement network-level egress controls using security groups or firewall rules to prevent the server from making requests to internal IP ranges
- Enable IMDSv2 on AWS EC2 instances to require session tokens for metadata access, reducing the impact of SSRF attacks
Example: disable GraphQL in Craft CMS config/general.php (the file returns a PHP config array):

<?php
return [
    // Add or modify this setting to switch the GraphQL API off
    'enableGql' => false,
];

For AWS environments, enforce IMDSv2 on your instances (replace the instance ID with your own):

aws ec2 modify-instance-metadata-options \
    --instance-id i-1234567890abcdef0 \
    --http-tokens required \
    --http-endpoint enabled
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.