CVE-2026-40072 Overview
CVE-2026-40072 is a Server-Side Request Forgery (SSRF) vulnerability affecting web3.py, a popular Python library for interacting with the Ethereum blockchain. The vulnerability exists in the CCIP Read / OffchainLookup (EIP-3668) implementation, which performs HTTP requests to URLs supplied by smart contracts without any destination validation. Versions from 6.0.0b3 up to, but not including, 7.15.0, and the 8.0.0 pre-releases before 8.0.0b2, are affected.
The implementation uses contract-supplied URLs directly (after {sender} / {data} template substitution) without validating the destination. Since CCIP Read is enabled by default (global_ccip_read_enabled = True on all providers), any application using web3.py's .call() method is exposed without explicit opt-in.
Critical Impact
A malicious contract can force the web3.py process to issue HTTP requests to arbitrary destinations, including internal network services and cloud metadata endpoints, potentially exposing sensitive infrastructure to attackers.
Affected Products
- web3.py versions 6.0.0b3 to 7.14.x
- web3.py versions 8.0.0b0 to 8.0.0b1
- Backend services, indexers, and APIs using web3.py's .call() method against untrusted contracts
Discovery Timeline
- 2026-04-09 - CVE-2026-40072 published to NVD
- 2026-04-09 - Last updated in NVD database
Technical Details for CVE-2026-40072
Vulnerability Analysis
This vulnerability stems from insufficient input validation in the CCIP Read implementation (EIP-3668). When web3.py processes an OffchainLookup response from a smart contract, it accepts URLs from the offchain_lookup_payload["urls"] array and performs HTTP requests to those destinations without any validation or sanitization.
The flaw is particularly dangerous because CCIP Read functionality is enabled by default across all providers. This means developers may unknowingly expose their backend infrastructure to SSRF attacks simply by using the standard .call() method against user-supplied or untrusted contract addresses.
In exploitation scenarios, an attacker deploys a malicious smart contract that returns an OffchainLookup error containing URLs pointing to internal network resources, cloud metadata services (such as http://169.254.169.254/), or other sensitive endpoints. When a web3.py application calls this contract, the library automatically follows the CCIP Read protocol and makes requests to these attacker-controlled URLs.
Root Cause
The root cause is classified under CWE-918 (Server-Side Request Forgery). The web3.py library's handle_offchain_lookup and async_handle_offchain_lookup functions perform HTTP requests to URLs provided in smart contract responses without implementing URL validation, allowlisting, or blocking of sensitive destinations. The lack of input validation on contract-supplied URLs creates a direct path for SSRF exploitation.
Attack Vector
The attack vector is network-based and requires neither authentication nor user interaction. Exploitation proceeds as follows:
- The attacker deploys a malicious smart contract that implements the CCIP Read pattern
- The contract is configured to return OffchainLookup errors with URLs pointing to internal services
- The attacker tricks, or simply waits for, a vulnerable web3.py application to call the malicious contract
- The web3.py library then automatically performs HTTP requests to the attacker-specified URLs
- Responses from internal services may be returned to the attacker or used to map internal infrastructure
The security patch introduces URL validation controls to the CCIP Read implementation:
durin_calldata = await async_handle_offchain_lookup(
offchain_lookup.payload,
transaction,
+ allow_http=self.w3.provider.ccip_read_allow_http,
+ url_validator=self.w3.provider.ccip_read_url_validator,
)
transaction["data"] = durin_calldata
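Review bot: only the async call site gains the two new keyword arguments here, while the Root Cause section names both handle_offchain_lookup and async_handle_offchain_lookup; the synchronous path needs the same `allow_http=` and `url_validator=` arguments or the sync .call() stays exploitable. The provider defaults for ccip_read_allow_http and ccip_read_url_validator also decide whether an upgraded but unconfigured deployment is protected at all (an unset validator means no destination check), so the defaults belong in the patch notes next to the option names.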
Source: GitHub Commit Update
Detection Methods for CVE-2026-40072
Indicators of Compromise
- Unexpected outbound HTTP requests from web3.py processes to internal IP ranges (10.x.x.x, 172.16.x.x, 192.168.x.x)
- HTTP requests to cloud metadata endpoints (169.254.169.254) originating from Ethereum-interacting services
- Unusual network traffic patterns from backend services performing blockchain operations
- Log entries showing CCIP Read requests to non-standard or internal URLs
Detection Strategies
- Monitor network traffic from web3.py applications for requests to RFC 1918 private address ranges
- Implement egress filtering and logging on services that interact with the Ethereum blockchain
- Review application logs for OffchainLookup events that reference unexpected URL patterns
- Deploy network-level IDS/IPS rules to detect SSRF patterns targeting cloud metadata services
Monitoring Recommendations
- Enable verbose logging for web3.py operations to capture CCIP Read URL requests
- Configure alerts for outbound connections from blockchain services to internal network segments
- Implement application-level monitoring to track all URLs accessed via CCIP Read functionality
- Review smart contract interaction logs for contracts with suspicious OffchainLookup responses
How to Mitigate CVE-2026-40072
Immediate Actions Required
- Upgrade web3.py to version 7.15.0 or 8.0.0b2 immediately
- Audit applications using web3.py's .call() method against untrusted contract addresses
- Consider disabling CCIP Read functionality (global_ccip_read_enabled = False) until patches can be applied
- Implement network-level egress controls to prevent access to sensitive internal endpoints
Patch Information
The vulnerability is fixed in web3.py versions 7.15.0 and 8.0.0b2. The patch introduces two new provider configuration options: ccip_read_allow_http to control HTTP protocol usage and ccip_read_url_validator to enable custom URL validation logic. These controls allow developers to restrict which URLs can be accessed during CCIP Read operations.
For additional details, refer to the GitHub Security Advisory GHSA-5hr4-253g-cpx2.
Workarounds
- Disable CCIP Read globally by setting global_ccip_read_enabled = False on your Web3 provider instance
- Implement network-level firewall rules blocking outbound requests from web3.py services to internal networks
- Use a proxy or gateway that validates and filters outbound URLs before allowing requests
- Avoid calling untrusted or user-supplied contract addresses in environments where SSRF could be impactful
# Configuration example - Disable CCIP Read on Web3 provider
# In your Python application:
from web3 import Web3

w3 = Web3(Web3.HTTPProvider('https://your-node-url'))
# With CCIP Read disabled, .call() no longer fetches any contract-supplied URL
w3.provider.global_ccip_read_enabled = False
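As an added defensive example (not code from web3.py or the advisory), the validator below is the kind of callable one could hand to the new ccip_read_url_validator option described under Patch Information, and the same address check is reused to flag CCIP Read fetches in application logs as the Detection Methods section recommends. Assumptions: the validator signature (substituted URL string in, bool out), the log line format, and the placeholder public address 93.184.216.34 are all constructed here.

```python
"""Defensive URL validation for web3.py CCIP Read (EIP-3668) gateway fetches.
Added example, not web3.py code. ASSUMED: ccip_read_url_validator takes a
callable that receives the substituted URL string and returns True to allow it."""
import ipaddress
import re
import socket
from urllib.parse import urlsplit

def _is_forbidden_address(addr: str) -> bool:
    """Private (RFC 1918), loopback, link-local (169.254.169.254) and similar."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def _resolve(host: str) -> list:
    """IP literals are used as-is; names are resolved; failure yields no IPs."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except socket.gaierror:
        return []

def is_safe_ccip_url(url: str, allow_http: bool = False) -> bool:
    """True only for an https (or opted-in http) URL whose host is public.
    Fails closed on bad URLs, userinfo and unresolvable hosts. The library
    re-resolves the name when fetching, so DNS rebinding can still change the
    answer; network egress filtering remains the second layer."""
    parts = urlsplit(url)
    if parts.scheme not in ("https", "http") or not parts.hostname:
        return False
    if parts.scheme == "http" and not allow_http:
        return False
    if parts.username or parts.password:
        return False
    addrs = _resolve(parts.hostname)
    return bool(addrs) and not any(_is_forbidden_address(a) for a in addrs)

# Constructed sample log lines (format assumed); 93.184.216.34 stands in for a public gateway.
SAMPLE_LOG = """\
2026-04-10T12:00:01Z INFO ccip_read url=https://93.184.216.34/v1/{sender}/{data} contract=0xaaa
2026-04-10T12:00:02Z INFO ccip_read url=http://169.254.169.254/latest/meta-data/ contract=0xbbb
2026-04-10T12:00:03Z INFO ccip_read url=https://10.0.0.5:8545/ contract=0xbbb
"""
_URL_RE = re.compile(r"ccip_read url=(\S+)")
def flag_ccip_log_lines(log_text: str) -> list:
    """Return logged CCIP Read URLs that the validator would have rejected."""
    matches = (_URL_RE.search(line) for line in log_text.splitlines())
    return [m.group(1) for m in matches if m and not is_safe_ccip_url(m.group(1))]
```

Running flag_ccip_log_lines over the constructed log returns the metadata-endpoint and RFC 1918 URLs and leaves the public gateway alone; the same function feeds naturally into an alert on the Monitoring Recommendations above.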
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.