CVE-2026-33682 Overview
CVE-2026-33682 is a Server-Side Request Forgery (SSRF) vulnerability in Streamlit, a popular data-oriented application development framework for Python. This vulnerability affects Streamlit Open Source versions prior to 1.54.0 running on Windows hosts, where improper validation of attacker-supplied filesystem paths can be exploited to initiate unauthorized outbound SMB connections.
The vulnerability arises from insufficient input validation in certain code paths, including within the ComponentRequestHandler. When filesystem paths are resolved using os.path.realpath() or Path.resolve() before adequate validation occurs, an attacker can supply malicious UNC paths (e.g., \\attacker-controlled-host\share) that cause the Streamlit server to initiate outbound SMB connections over port 445. This behavior can lead to NTLMv2 credential disclosure and enable further attacks against internal infrastructure.
Critical Impact
Unauthenticated attackers on adjacent networks can force Windows systems running Streamlit to disclose NTLMv2 credentials via SMB connections to attacker-controlled servers, enabling NTLM relay attacks and internal network reconnaissance.
Affected Products
- Streamlit Open Source versions prior to 1.54.0 (Windows hosts only)
- Applications built using affected Streamlit versions deployed on Windows
- Windows environments where Streamlit server processes run with domain-joined credentials
Discovery Timeline
- 2026-03-26 - CVE-2026-33682 published to NVD
- 2026-03-26 - Last updated in NVD database
Technical Details for CVE-2026-33682
Vulnerability Analysis
This SSRF vulnerability (CWE-918) stems from a fundamental timing issue in path validation logic. The vulnerable code paths process user-supplied filesystem paths by calling os.path.realpath() or Path.resolve() before conducting security validation checks. On Windows systems, this ordering is critical because path resolution functions actively follow UNC paths, triggering SMB connection attempts as a side effect of the resolution operation itself.
When an attacker supplies a UNC path like \\malicious-server\share\file, Windows automatically attempts to authenticate to the remote SMB server as part of resolving the path. This authentication attempt transmits the NTLMv2 challenge-response credentials of the user account running the Streamlit process. The vulnerability exists because validation that would reject such paths occurs after the dangerous resolution operation has already executed.
Root Cause
The root cause is improper input validation timing in component file handling. The ComponentRequestHandler and related code paths resolved filesystem paths using platform APIs before checking whether those paths were safe to process. The fix introduces a new centralized security module (streamlit/path_security.py) that validates path patterns before any filesystem operations occur. This module specifically detects and blocks unsafe path patterns including UNC paths, preventing Windows from initiating SMB connections during path resolution.
Attack Vector
The attack requires network adjacency, meaning the attacker must be positioned to receive SMB connections from the target Windows host. An attacker crafts malicious requests containing UNC paths targeting the Streamlit component handling endpoints. When the server processes these requests, it triggers outbound SMB authentication to the attacker-controlled host.
The captured NTLMv2 hashes can then be:
- Relayed in real-time to other internal services accepting NTLM authentication
- Subjected to offline password cracking attempts
- Used to identify reachable internal hosts via timing analysis of SMB connection attempts
# Security patch adding path validation before filesystem operations
# Source: https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76
# New import in lib/streamlit/components/v2/component_path_utils.py
from __future__ import annotations
from pathlib import Path
from typing import Final
from streamlit.errors import StreamlitComponentRegistryError
from streamlit.logger import get_logger
from streamlit.path_security import is_unsafe_path_pattern
_LOGGER: Final = get_logger(__name__)
The patch introduces the is_unsafe_path_pattern function from a new path_security module, which performs validation before any path resolution occurs, preventing SSRF attacks via UNC path injection.
Detection Methods for CVE-2026-33682
Indicators of Compromise
- Outbound SMB traffic (TCP port 445) from Streamlit server processes to external or unusual destinations
- Windows Security Event logs showing NTLM authentication attempts to unknown hosts
- Network traffic containing UNC paths in HTTP requests to Streamlit component endpoints
- Unusual ComponentRequestHandler errors or exceptions in Streamlit application logs
Detection Strategies
- Monitor network egress for SMB traffic originating from application servers running Streamlit
- Implement network segmentation rules blocking outbound SMB from web application servers
- Review Streamlit application logs for path traversal attempts or malformed component requests
- Deploy network intrusion detection signatures for UNC path patterns in HTTP request payloads
Monitoring Recommendations
- Configure SIEM rules to alert on outbound SMB connections from Streamlit server hosts
- Enable Windows Security Event logging for NTLM authentication events (Event IDs 4624, 4625)
- Implement application-layer logging to capture all paths processed by component handlers
- Establish baseline network behavior for Streamlit deployments to identify anomalous connections
How to Mitigate CVE-2026-33682
Immediate Actions Required
- Upgrade Streamlit to version 1.54.0 or later immediately on all Windows deployments
- Block outbound SMB traffic (TCP 445) from Streamlit application servers at the network perimeter
- Review network logs for evidence of exploitation attempts or successful credential exfiltration
- Rotate credentials for service accounts running Streamlit processes on Windows hosts
Patch Information
Streamlit version 1.54.0 contains the security fix for this vulnerability. The patch introduces a centralized path security module (lib/streamlit/path_security.py) that validates path patterns before any filesystem operations occur. This ensures that UNC paths and other potentially dangerous path patterns are rejected before Windows can attempt SMB connections during path resolution.
Upgrade using pip:
pip install streamlit>=1.54.0
For additional details, see the GitHub Security Advisory GHSA-7p48-42j8-8846 and the release notes for version 1.54.0.
Workarounds
- Deploy Streamlit applications on Linux hosts where UNC path handling does not trigger SMB connections
- Implement network-level controls blocking outbound SMB (TCP 445) from application servers
- Run Streamlit processes under low-privilege local accounts without network authentication capabilities
- Use a reverse proxy to filter and validate incoming requests before they reach Streamlit
# Block outbound SMB from application server using Windows Firewall
netsh advfirewall firewall add rule name="Block Outbound SMB" dir=out action=block protocol=TCP remoteport=445
# Alternatively, on Linux hosts using iptables (if applicable)
iptables -A OUTPUT -p tcp --dport 445 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
