CVE-2026-33126 Overview
CVE-2026-33126 is a Server-Side Request Forgery (SSRF) vulnerability affecting Frigate, an open-source network video recorder (NVR) with real-time local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing attackers to use the Frigate server to make unauthorized requests to internal network resources and cloud metadata services, or to port-scan internal infrastructure.
Critical Impact
Authenticated attackers can exploit the vulnerable /ffprobe endpoint to access internal network resources, enumerate services, and potentially exfiltrate sensitive information from cloud metadata endpoints.
Affected Products
- Frigate NVR versions prior to 0.16.3
- Self-hosted Frigate deployments with exposed web interfaces
- Docker-based Frigate installations with network access to internal resources
Discovery Timeline
- 2026-03-20 - CVE-2026-33126 published to NVD
- 2026-03-23 - Last updated in NVD database
Technical Details for CVE-2026-33126
Vulnerability Analysis
The vulnerability exists in the /ffprobe endpoint of the Frigate web interface, which is designed to probe media streams and retrieve metadata about video sources. This endpoint accepts a URL parameter that specifies the target stream to analyze. The core issue is that the application fails to implement proper input validation or URL allowlisting, enabling authenticated users to supply arbitrary URLs pointing to any destination.
When exploited, the Frigate server acts as a proxy, making HTTP requests on behalf of the attacker to internal resources that would otherwise be inaccessible from external networks. This is particularly dangerous in containerized deployments where Frigate may have access to Docker networks, host services, or cloud provider metadata endpoints such as http://169.254.169.254/ on AWS, GCP, or Azure instances.
Root Cause
The root cause is missing validation of the user-supplied URL in the /ffprobe endpoint, classified as CWE-918 (Server-Side Request Forgery). The application does not restrict which protocols, hostnames, or IP addresses can be specified in the URL parameter. There is no check that requests are limited to legitimate camera stream sources, so an attacker can target arbitrary internal and external endpoints.
Attack Vector
The attack requires network access to the Frigate web interface and low privileges (any authenticated account). An attacker can craft requests to the /ffprobe endpoint with malicious URLs targeting:
- Internal network services: Access databases, admin panels, or other services on localhost or private IP ranges
- Cloud metadata services: Retrieve instance credentials, configuration data, and sensitive metadata from cloud provider endpoints
- Port scanning: Enumerate open ports and services on internal hosts by observing response timing and error messages
- Internal API access: Interact with internal REST APIs or microservices that trust requests from the internal network
The vulnerability is exploited by sending crafted HTTP requests to the Frigate server's /ffprobe endpoint with a URL parameter pointing to the target resource. The server processes the request and returns the response, effectively acting as an open proxy for the attacker.
Detection Methods for CVE-2026-33126
Indicators of Compromise
- Unusual requests to the /ffprobe endpoint with URLs pointing to internal IP addresses (e.g., 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- Requests to /ffprobe targeting cloud metadata endpoints such as 169.254.169.254
- Anomalous outbound connections from the Frigate server to internal services or unexpected external destinations
- Sequential requests to /ffprobe with incrementing port numbers indicative of port scanning activity
Detection Strategies
- Monitor web server access logs for requests to /ffprobe containing suspicious URL patterns including private IP ranges and metadata service addresses
- Implement network monitoring to detect outbound connections from Frigate containers to internal services that should not be accessed
- Configure intrusion detection rules to alert on SSRF patterns in HTTP request parameters
- Review application logs for failed or unusual FFprobe operations against non-camera endpoints
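The log-review strategy above, as an added example that is not part of the original advisory or of Frigate's code. It scans Combined Log Format access lines (as a reverse proxy in front of Frigate would write them; the sample lines are constructed) for /ffprobe requests whose stream URLs point at loopback, link-local, private or cloud-metadata addresses, and flags a client that walks several ports on one host. The query parameter name `paths` and the comma-separated URL list are assumptions; adjust them to the deployed version. A camera allowlist (`camera_networks`) keeps legitimate probes of the camera subnet from being reported.

```python
"""Scan reverse-proxy access logs for SSRF-style use of Frigate's /ffprobe endpoint.

Added example, not Frigate's code. Assumptions: the stream URL(s) arrive in a query
parameter named `paths` (comma-separated) and the log is in Combined Log Format.
The sample lines in SAMPLE_LOG are constructed."""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlparse

# client ident user [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Cloud metadata names that are not recognisable as private IPs.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "metadata"}

# Constructed sample: 203.0.113.7 probes the metadata service and walks ports on 10.0.0.5.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Mar/2026:10:01:02 +0000] "GET /api/ffprobe?paths=rtsp%3A%2F%2F192.168.1.50%3A554%2Fstream HTTP/1.1" 200 512
203.0.113.7 - - [20/Mar/2026:10:01:09 +0000] "GET /api/ffprobe?paths=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 2048
203.0.113.7 - - [20/Mar/2026:10:01:15 +0000] "GET /api/ffprobe?paths=http%3A%2F%2F10.0.0.5%3A8080%2F HTTP/1.1" 200 90
203.0.113.7 - - [20/Mar/2026:10:01:16 +0000] "GET /api/ffprobe?paths=http%3A%2F%2F10.0.0.5%3A8081%2F HTTP/1.1" 200 90
203.0.113.7 - - [20/Mar/2026:10:01:17 +0000] "GET /api/ffprobe?paths=http%3A%2F%2F10.0.0.5%3A8082%2F HTTP/1.1" 200 90
198.51.100.4 - - [20/Mar/2026:10:02:00 +0000] "GET /api/ffprobe?paths=rtsp%3A%2F%2Fcam.example.org%2Flive HTTP/1.1" 200 700
198.51.100.4 - - [20/Mar/2026:10:02:05 +0000] "GET /api/events HTTP/1.1" 200 4096
""".splitlines()


def classify_host(host, camera_networks=()):
    """Label a probed host as cloud-metadata/loopback/link-local/private, or None when it is
    a DNS name or an IP inside one of the configured camera networks."""
    h = host.lower()
    if h in METADATA_HOSTS:
        return "cloud-metadata"
    if h == "localhost" or h.endswith(".localhost"):
        return "loopback"
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        return None  # a DNS name; this offline scanner does not resolve it
    if any(ip in ipaddress.ip_network(n) for n in camera_networks):
        return None
    if ip.is_loopback:      # checked before is_private, which includes these ranges
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return None


def probed_urls(target, param="paths"):
    """Return the stream URLs named in an /ffprobe request target, or [] for other endpoints."""
    parsed = urlparse(target)
    if not parsed.path.endswith("/ffprobe"):
        return []
    urls = []
    for value in parse_qs(parsed.query).get(param, []):
        # unquote again so a double-encoded value is still split on its commas
        urls.extend(u for u in unquote(value).split(",") if u)
    return urls


def scan_log(lines, camera_networks=(), scan_threshold=3):
    """Return one finding per suspicious probe plus a 'port-scan' finding for every
    (client, host) pair that touched scan_threshold or more distinct ports."""
    findings = []
    ports_seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for url in probed_urls(m["target"]):
            u = urlparse(url)
            if not u.hostname:
                continue
            label = classify_host(u.hostname, camera_networks)
            if label:
                findings.append({"client": m["client"], "url": url, "risk": label})
            try:
                port = u.port
            except ValueError:  # malformed port in the probed URL
                port = None
            if port:
                ports_seen[(m["client"], u.hostname)].add(port)
    for (client, host), ports in ports_seen.items():
        if len(ports) >= scan_threshold:
            findings.append({"client": client, "url": host, "risk": "port-scan",
                             "ports": sorted(ports)})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG, camera_networks=["192.168.1.0/24"]):
        print(finding)
```

Run against the sample it reports the metadata probe, the three 10.0.0.5 requests and a port-scan summary for 203.0.113.7, while the camera on 192.168.1.50 is silent because its subnet is allowlisted; without the allowlist every probe of a private camera address would also surface, which is the noise a real deployment has to tune out first.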
Monitoring Recommendations
- Enable verbose logging on the Frigate application to capture all /ffprobe requests with full URL parameters
- Deploy network segmentation monitoring to detect cross-segment traffic originating from NVR systems
- Implement egress filtering alerts for the Frigate host or container attempting to access internal network ranges
How to Mitigate CVE-2026-33126
Immediate Actions Required
- Upgrade Frigate to version 0.16.3 or later immediately to address this vulnerability
- Restrict network access to the Frigate web interface using firewall rules or reverse proxy authentication
- Implement network segmentation to limit Frigate's access to only required camera network segments
- Review logs for evidence of exploitation attempts against the /ffprobe endpoint
Patch Information
The Frigate development team has addressed this vulnerability in version 0.16.3. The fix implements proper URL validation to prevent requests to unauthorized destinations. Users should upgrade to this version or later as soon as possible.
For detailed patch information, see the Frigate v0.16.3 Release Notes and the GitHub Security Advisory GHSA-j6g3-3j3q-c2xv.
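One shape such URL validation can take, as an added example written for this page; it is not Frigate's own fix and makes no claim about how 0.16.3 implements it. The scheme allowlist, the `camera_networks` parameter and the injectable `resolver` are assumptions. The check rejects non-stream schemes, resolves DNS names and refuses any answer that lands on a loopback, link-local (which covers 169.254.169.254), private, multicast or reserved address unless it sits inside a configured camera subnet, and returns the address set it checked so the caller can pin the connection to it rather than letting ffprobe resolve the name a second time.

```python
"""Allowlist-style validation of a user-supplied stream URL before it reaches ffprobe.

Added example, not Frigate's own fix. ALLOWED_SCHEMES, the camera_networks parameter and
the resolver hook are assumptions made for illustration."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"rtsp", "rtsps", "http", "https"}


def default_resolver(host):
    """Resolve a DNS name to the set of addresses it currently points to."""
    return {ipaddress.ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)}


def fixed_resolver(*addrs):
    """Build a resolver that always answers with the given addresses (for tests and demos)."""
    answers = {ipaddress.ip_address(a) for a in addrs}
    return lambda host: set(answers)


def is_internal(ip):
    """Addresses a probe must never reach: loopback, link-local (covers 169.254.169.254),
    RFC 1918 / ULA, multicast, reserved and unspecified."""
    return (ip.is_loopback or ip.is_link_local or ip.is_private
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_stream_url(url, camera_networks=(), resolver=default_resolver):
    """Return (ok, reason, addresses).

    Every address the host resolves to is checked, so a name that answers with one public
    and one internal address is rejected. Addresses inside camera_networks are accepted even
    though they are private. The returned set lets the caller connect to exactly what was
    checked instead of resolving the name again later."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not allowed", set()
    host = parsed.hostname
    if not host:
        return False, "missing host", set()
    nets = [ipaddress.ip_network(n) for n in camera_networks]
    try:
        addrs = {ipaddress.ip_address(host)}  # literal IP, no lookup needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:  # socket.gaierror is an OSError subclass
            return False, "host does not resolve", set()
    if not addrs:
        return False, "host does not resolve", set()
    for ip in addrs:
        if any(ip in net for net in nets):
            continue  # explicitly allowlisted camera subnet
        if is_internal(ip):
            return False, f"{ip} is an internal address", set()
    return True, "ok", addrs


if __name__ == "__main__":
    for candidate in ("rtsp://192.168.1.50:554/stream",
                      "http://169.254.169.254/latest/meta-data/",
                      "file:///etc/passwd"):
        print(candidate, validate_stream_url(candidate, camera_networks=["192.168.1.0/24"])[:2])
```

Checking once and then handing the original hostname to ffprobe leaves a window in which the name can be re-resolved to a different address, which is why the function hands back the addresses it accepted; the simplest way to use them is to substitute the checked IP into the URL that ffprobe receives.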
Workarounds
- Deploy Frigate behind a reverse proxy that blocks or restricts access to the /ffprobe endpoint for untrusted users
- Implement network-level controls to prevent the Frigate server from making outbound connections to internal network ranges
- Use firewall rules to block outbound traffic from the Frigate container to cloud metadata IP addresses (169.254.169.254)
- Consider running Frigate in an isolated network segment with no access to sensitive internal resources
# Example: block cloud metadata access from Frigate. Bridge-networked container traffic passes
# through the host's FORWARD path (DOCKER-USER chain), not OUTPUT, so the rule goes there; the
# OUTPUT rule covers Frigate running with --network host or directly on the host.
iptables -I DOCKER-USER -d 169.254.169.254 -j DROP
iptables -A OUTPUT -d 169.254.169.254 -j DROP
# Example: Docker network isolation for Frigate. An --internal network has no route to the
# outside, so attach a second network (e.g. a macvlan on the camera VLAN) for the cameras.
docker network create --internal frigate-isolated
docker run --network frigate-isolated ghcr.io/blakeblackshear/frigate:0.16.3
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

