CVE-2026-25991 Overview
CVE-2026-25991 is a Blind Server-Side Request Forgery (SSRF) vulnerability in Tandoor Recipes, a popular open-source application for managing recipes, planning meals, and building shopping lists. The vulnerability exists in the Cookmate recipe import feature, where the application fails to validate destination URLs after following HTTP redirects.
This security flaw allows any authenticated user—including standard users without administrative privileges—to force the server to connect to arbitrary internal or external resources. The vulnerability is located in cookbook/integration/cookmate.py, within the Cookmate integration class.
Critical Impact
Attackers can leverage this SSRF vulnerability to scan internal network ports, access cloud instance metadata services (AWS/GCP), or disclose the server's real IP address, potentially exposing sensitive infrastructure information.
Affected Products
- Tandoor Recipes versions prior to 2.5.1
- All Tandoor Recipes instances with the Cookmate import feature enabled
- Self-hosted and cloud-deployed Tandoor Recipes installations
Discovery Timeline
- February 13, 2026 - CVE-2026-25991 published to NVD
- February 17, 2026 - Last updated in NVD database
Technical Details for CVE-2026-25991
Vulnerability Analysis
The SSRF vulnerability in Tandoor Recipes stems from insufficient URL validation in the Cookmate recipe import functionality. When a user imports a recipe from an external URL, the application follows HTTP redirects without validating the final destination. This lack of post-redirect validation creates a significant security gap that can be exploited by authenticated users.
The vulnerability is particularly concerning because it requires only basic authentication—no administrative privileges are necessary to exploit it. An attacker with a standard user account can craft malicious import requests that force the server to make connections to internal network resources, cloud metadata endpoints, or external services.
The vulnerability's CVSS scope is rated Changed: the forged request reaches resources outside the security scope of the vulnerable component itself, such as internal hosts and cloud metadata services. The attack does not allow data modification or service disruption, but it enables high-severity information disclosure.
Root Cause
The root cause lies in the cookbook/integration/cookmate.py file, where the Cookmate integration class uses standard HTTP request methods without proper URL validation after following redirects. The original implementation used the requests library directly without implementing safeguards against SSRF attacks.
The vulnerable code path lets an attacker:
- Submit an import URL pointing to an attacker-controlled server
- Have that server answer with an HTTP redirect to an internal resource
- Rely on the Tandoor server following the redirect and connecting to the internal resource
- Receive leaked response data or connection metadata from the internal resource
Attack Vector
The attack is network-based and requires low complexity to execute. An authenticated user can exploit this vulnerability through the Cookmate recipe import feature by providing a specially crafted URL that redirects to internal resources.
Common exploitation scenarios include:
- Accessing AWS/GCP instance metadata services at http://169.254.169.254/
- Scanning internal network ports to map infrastructure
- Accessing internal services not exposed to the internet
- Revealing the server's real IP address when behind a proxy or CDN
# Security patch showing the fix - cookbook/integration/cookmate.py
# Source: https://github.com/TandoorRecipes/recipes/commit/fdf22c5e745740db1fec29d6b4bd3df5d340e6ab
# Diff excerpt (lines prefixed - were removed, + were added):
from io import BytesIO
-import requests
-
-from cookbook.helper.HelperFunctions import validate_import_url
+from cookbook.helper.HelperFunctions import validate_import_url, safe_request
from cookbook.helper.ingredient_parser import IngredientParser
from cookbook.helper.recipe_url_import import parse_servings, parse_servings_text, parse_time
from cookbook.integration.integration import Integration
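Review bot: this hunk changes only the import lines (dropping `import requests`, adding `safe_request` beside `validate_import_url`); the `Cookmate` call sites that previously used `requests` are not in the excerpt, so confirm elsewhere in the commit that every former `requests` call now goes through `safe_request`. Removing the module-level `import requests` is a good guard here: any call left behind fails with a NameError instead of silently issuing an unvalidated request.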
The fix introduces a safe_request helper function that validates URLs both before and after following redirects, preventing SSRF attacks through redirect chains.
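To show what "validate before and after following redirects" means in practice, here is an added Python example of a redirect-aware fetch helper; it is not Tandoor's own safe_request (whose implementation is not on this page), and the function names, the urllib-based fetcher and the injectable fetch/resolve parameters are my assumptions. The key point is that the destination is resolved and checked before every hop, because a single pre-flight check is exactly what a redirect chain bypasses.

```python
import ipaddress
import socket
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

class UnsafeURL(ValueError):
    """Destination (initial or reached via redirect) is not a public HTTP(S) host."""

def resolve_host(host):
    """Addresses for host as strings: IP literals pass through, names go through DNS."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]

def validate_url(url, resolve=resolve_host):
    """Reject non-HTTP schemes and hosts that resolve to loopback/private/link-local space."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise UnsafeURL(f"bad scheme or host: {url}")
    for addr in map(ipaddress.ip_address, resolve(parts.hostname)):
        # is_global is False for 10/8, 172.16/12, 192.168/16, 127/8, 169.254/16 and similar
        if not addr.is_global:
            raise UnsafeURL(f"{parts.hostname} -> {addr} is not a public address")
    return url

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx to the caller instead of following it silently

def http_fetch(url):
    """One request with automatic redirects disabled: (status, Location or None, body)."""
    try:
        with urllib.request.build_opener(_NoRedirect).open(url, timeout=10) as resp:
            return resp.status, None, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), b""

def safe_request(url, fetch=http_fetch, resolve=resolve_host, max_redirects=5):
    """Fetch url, re-validating the destination before every hop of a redirect chain."""
    for _ in range(max_redirects + 1):
        validate_url(url, resolve)
        status, location, body = fetch(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            return status, body
        url = urljoin(url, location)  # relative Location values resolve against the current URL
    raise UnsafeURL("redirect limit exceeded")
```

This checks the address a name resolves to at validation time, not the one the socket later connects to, so a deployment worried about DNS rebinding would additionally pin the connection to the validated IP.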
Detection Methods for CVE-2026-25991
Indicators of Compromise
- Unusual outbound connections from the Tandoor Recipes server to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- Requests to cloud metadata endpoints (169.254.169.254) originating from the application server
- Recipe import requests containing URLs with suspicious redirect chains
- Increased volume of failed or unusual recipe import attempts from specific user accounts
Detection Strategies
- Monitor application logs for recipe import requests with URLs pointing to internal IP addresses or localhost
- Implement network-level detection for outbound connections from the Tandoor server to internal network ranges
- Review audit logs for unusual patterns in the Cookmate import feature usage
- Deploy web application firewall (WAF) rules to detect SSRF payload patterns in import requests
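The first two strategies above can be combined into one check, shown here as an added Python example that is not part of the page or of any Tandoor tooling: an import whose URL names internal space directly is flagged on its own, while an import with a harmless-looking URL (the redirect case) is flagged when the application host opens a connection to a non-public address within a few seconds of it. The key=value log format, field names and sample entries are constructed for the example.

```python
import ipaddress
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse
KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Parse '<ISO timestamp> key=value ...' (the constructed log format used below)."""
    stamp, _, rest = line.partition(" ")
    rec = dict(KV.findall(rest))
    rec["ts"] = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    return rec

def non_public(host):
    """True for localhost or an IP literal outside public space; hostnames return False."""
    if host == "localhost":
        return True
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False

def find_ssrf_candidates(app_lines, egress_lines, window=timedelta(seconds=5)):
    """Flag imports naming internal space directly, plus imports followed within `window`
    by an egress connection to a non-public address (the redirect case)."""
    egress = [parse_line(line) for line in egress_lines]
    alerts = []
    for rec in (parse_line(line) for line in app_lines):
        if rec.get("action") != "cookmate_import":
            continue
        host = urlparse(rec["url"]).hostname or ""
        if non_public(host):
            alerts.append((rec["user"], rec["url"], "direct:" + host))
            continue
        for conn in egress:
            if rec["ts"] <= conn["ts"] <= rec["ts"] + window and non_public(conn["dst"]):
                alerts.append((rec["user"], rec["url"], "egress:" + conn["dst"]))
    return alerts

# Constructed sample logs (not real data): application import events and host egress records.
APP_LOG = [
    "2026-02-14T10:00:01Z user=alice action=cookmate_import url=http://recipes.example/pasta",
    "2026-02-14T10:05:00Z user=bob action=cookmate_import url=http://127.0.0.1:8080/admin",
    "2026-02-14T10:09:30Z user=bob action=cookmate_import url=http://cdn.example/recipe.mcb",
]
EGRESS_LOG = [
    "2026-02-14T10:00:02Z src=10.0.5.20 dst=93.184.216.34 dport=443",
    "2026-02-14T10:09:32Z src=10.0.5.20 dst=169.254.169.254 dport=80",
]
```

Running find_ssrf_candidates(APP_LOG, EGRESS_LOG) yields one direct alert for bob's localhost URL and one egress alert tying bob's second import to the metadata endpoint, while alice's import with a public destination stays quiet.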
Monitoring Recommendations
- Enable verbose logging for the recipe import functionality to capture all URL requests
- Set up alerts for outbound connections to cloud metadata IP ranges from application servers
- Monitor for DNS lookups to internal hostnames originating from the Tandoor Recipes container or server
- Implement network segmentation monitoring to detect lateral movement attempts
How to Mitigate CVE-2026-25991
Immediate Actions Required
- Upgrade Tandoor Recipes to version 2.5.1 or later immediately
- If immediate upgrade is not possible, disable or restrict access to the Cookmate recipe import feature
- Review audit logs for any suspicious recipe import activity that may indicate exploitation attempts
- Implement network-level controls to block outbound connections from the application server to internal resources
Patch Information
The vulnerability is fixed in Tandoor Recipes version 2.5.1. The patch introduces a safe_request helper function that validates destination URLs after following HTTP redirects, preventing SSRF attacks through redirect chains.
Patch details:
- Fixed Version: 2.5.1
- Commit: fdf22c5e745740db1fec29d6b4bd3df5d340e6ab
- Security Advisory: GHSA-j6xg-85mh-qqf7
- Release Notes: GitHub Release 2.5.1
Workarounds
- Restrict access to the recipe import feature to trusted administrators only until the patch can be applied
- Implement network-level egress filtering to block connections from the Tandoor server to internal IP ranges and cloud metadata endpoints
- Use a web application firewall to inspect and block requests containing SSRF payloads
- Deploy the application in an isolated network segment without access to sensitive internal resources
# Example: block metadata endpoint access at the network/firewall level
# Host-level iptables rule for installs where the application runs directly on the host
iptables -A OUTPUT -d 169.254.169.254 -j DROP
# Note: traffic from Docker containers is forwarded by the host rather than generated by it,
# so it never traverses the OUTPUT chain; the equivalent rule belongs in the DOCKER-USER chain.
# For Docker deployments, network restrictions can also be added in docker-compose.yml:
# networks:
#   tandoor_net:
#     driver: bridge
#     internal: true  # prevents direct internet access, which also stops legitimate recipe imports
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

