CVE-2026-3125 Overview
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. This vulnerability allows attackers to bypass Cloudflare's edge interception by substituting a backslash for a forward slash in the URL path, enabling unvalidated fetches of arbitrary remote URLs through victim domains.
The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In production environments, Cloudflare's edge normally intercepts /cdn-cgi/image/ requests before they reach the Worker. However, by using /cdn-cgi\image/ instead of /cdn-cgi/image/, an attacker can bypass this edge interception entirely. The JavaScript URL class then normalizes the backslash to a forward slash, causing the request to match the handler and trigger an unvalidated fetch of arbitrary remote URLs.
Critical Impact
Attackers can serve attacker-controlled content through a victim site's domain, violating the same-origin policy, potentially misleading users, and exposing private cache data stored under protected /cdn-cgi/ paths.
Affected Products
- @opennextjs/cloudflare package (versions prior to 1.17.1)
- Cloudflare Workers with Assets
- Cloudflare Pages deployments
Discovery Timeline
- 2026-03-04 - CVE CVE-2026-3125 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-3125
Vulnerability Analysis
This SSRF vulnerability exploits a discrepancy between how Cloudflare's edge infrastructure processes URL paths versus how the JavaScript URL class normalizes them within Workers. The core issue lies in inconsistent handling of path separators across different layers of the application stack.
The /cdn-cgi/image/ handler was designed as a development-only feature that should never be accessible in production environments. Cloudflare's edge infrastructure is supposed to intercept any requests to /cdn-cgi/ paths before they reach the Worker. However, when an attacker substitutes a backslash character (\) for the forward slash after cdn-cgi, the edge infrastructure fails to recognize this as a /cdn-cgi/ path and allows the request through.
Once the request reaches the Worker, the JavaScript URL class performs path normalization, converting the backslash to a forward slash. This normalization causes the previously bypassed path to now match the /cdn-cgi/image/ handler, triggering the vulnerable code path.
The impact extends beyond simple SSRF. The vulnerability also affects Cloudflare Workers with Assets and Cloudflare Pages, where assets stored under /cdn-cgi/ paths that should be private become publicly accessible. Notably, Open Next projects store incremental cache data under /cdn-cgi/_next_cache, which could expose sensitive cached application data.
Root Cause
The root cause is classified as CWE-706 (Use of Incorrectly-Resolved Name or Reference). The vulnerability stems from inconsistent path normalization between Cloudflare's edge infrastructure and the JavaScript URL class within Workers. The edge infrastructure does not normalize backslashes to forward slashes before making routing decisions, while the URL class does perform this normalization. This creates a security gap where crafted paths can bypass security controls at the edge but still match protected handlers within the Worker.
Attack Vector
The attack requires network access and can be executed without authentication or user interaction. An attacker crafts a URL replacing the forward slash after cdn-cgi with a backslash character. This request must be sent via HTTP clients that preserve backslashes in paths, such as curl with the --path-as-is flag.
For example, a malicious request like https://victim-site.com/cdn-cgi\image/aaaa/https://attacker.com would bypass edge interception, reach the Worker, get normalized to match the image handler, and then fetch content from the attacker-controlled URL. This content is then served through the victim's domain, effectively allowing attackers to proxy arbitrary content through trusted domains.
Note that this bypass does not work via standard web browsers, as browsers normalize backslashes to forward slashes before sending HTTP requests. However, HTTP clients, scripts, APIs, and backend services that preserve path characters can successfully exploit this vulnerability.
Detection Methods for CVE-2026-3125
Indicators of Compromise
- HTTP access logs showing requests containing backslash characters in the path, particularly patterns matching /cdn-cgi\ or /cdn-cgi%5C
- Outbound network connections from Workers to unexpected external domains or IP addresses
- Unusual access patterns to /cdn-cgi/_next_cache or other protected asset paths
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block requests containing backslash characters in URL paths targeting /cdn-cgi endpoints
- Monitor Worker execution logs for fetch requests to external URLs that were not explicitly whitelisted
- Deploy anomaly detection to identify requests with unusual path encoding patterns
Monitoring Recommendations
- Configure alerting for any HTTP requests containing \image/ or %5Cimage/ path segments in access logs
- Monitor for increased outbound traffic from Workers to external domains that are not part of normal application behavior
- Implement logging for all cache access operations under /cdn-cgi/_next_cache paths to detect unauthorized data exposure
How to Mitigate CVE-2026-3125
Immediate Actions Required
- Upgrade @opennextjs/cloudflare package to version 1.17.1 or later immediately
- Audit Worker configurations to ensure development-only handlers are not exposed in production deployments
- Review access logs for historical exploitation attempts using backslash-based path bypass techniques
Patch Information
The vulnerability has been addressed in @opennextjs/cloudflare version 1.17.1. The fix is available through the official NPM package. For detailed information about the security fix, refer to the GitHub Pull Request that implemented the patch. The GitHub Security Advisory provides additional context and remediation guidance.
Workarounds
- Deploy WAF rules at the edge to normalize or reject requests containing backslash characters in URL paths before they reach Workers
- Implement input validation within Worker code to explicitly reject any requests containing backslash characters in path segments
- If the /cdn-cgi/image/ handler is not required for your application, consider removing or disabling it entirely in production configurations
# Update @opennextjs/cloudflare to patched version
npm update @opennextjs/cloudflare@1.17.1
# Verify the installed version
npm list @opennextjs/cloudflare
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
