CVE-2026-41170 Overview
CVE-2026-41170 is a Server-Side Request Forgery (SSRF) vulnerability affecting Squidex, an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient without any SSRF protection.
A malicious or compromised admin can use this endpoint to probe internal network services, access cloud metadata endpoints, or perform internal reconnaissance. While the vulnerability requires administrator authentication, it remains highly impactful due to the potential access to sensitive internal resources.
Critical Impact
Authenticated administrators can exploit this SSRF vulnerability to access internal network resources, cloud metadata endpoints (such as AWS IMDSv1 at 169.254.169.254), and perform reconnaissance against internal infrastructure not otherwise accessible from the public internet.
Affected Products
- Squidex Headless CMS versions prior to 7.23.0
- Squidex deployments with administrator access exposed to untrusted users
- Cloud-hosted Squidex instances with access to cloud provider metadata services
Discovery Timeline
- 2026-04-22 - CVE-2026-41170 published to NVD
- 2026-04-23 - Last updated in the NVD database
Technical Details for CVE-2026-41170
Vulnerability Analysis
This vulnerability is classified under CWE-918 (Server-Side Request Forgery). The core issue lies in the backup restoration functionality where the application accepts user-controlled URLs without implementing proper SSRF protections. When an administrator initiates a restore operation, the system fetches the backup archive from the specified URL using an HttpClient that lacks restrictions on target destinations.
The attack surface is limited to authenticated administrators, which provides some protection. However, in scenarios involving compromised admin credentials, insider threats, or multi-tenant environments where admin access may be granted more broadly, this vulnerability becomes a significant concern. An attacker can leverage this endpoint to reach internal services that would otherwise be inaccessible from external networks.
Root Cause
The root cause is the absence of URL validation and SSRF protection mechanisms in the backup restoration HTTP client. The RestoreController.PostRestoreJob endpoint directly uses user-supplied URLs to fetch backup archives without:
- Validating that the target URL points to an external, trusted resource
- Blocking requests to internal IP ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8)
- Preventing access to cloud metadata endpoints (e.g., 169.254.169.254)
- Implementing allowlist-based URL filtering
Attack Vector
The attack is network-based and requires authenticated access with administrative privileges. An attacker with admin credentials can craft malicious restore job requests targeting internal resources:
- Cloud Metadata Access: Target http://169.254.169.254/latest/meta-data/ to retrieve cloud instance credentials and configuration
- Internal Service Enumeration: Probe internal services on private networks to discover running services and their versions
- Port Scanning: Use timing-based responses to determine which internal ports are open
- Data Exfiltration: Access internal APIs or databases that may return sensitive information in HTTP responses
The security patch introduces configuration options to control backup restoration behavior:
+// ==========================================================================
+// Squidex Headless CMS
+// ==========================================================================
+// Copyright (c) Squidex UG (haftungsbeschraenkt)
+// All rights reserved. Licensed under the MIT license.
+// ==========================================================================
+
+namespace Squidex.Domain.Apps.Entities.Backup;
+
+public sealed class BackupOptions
+{
+ public bool AllowRestoreFromLocalFiles { get; set; }
+}
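Review bot: AllowRestoreFromLocalFiles is added as a bare auto-property with no XML doc comment and no explicit default, so a reader of the options class cannot tell what it gates or which setting is safe; suggest initialising it explicitly (`public bool AllowRestoreFromLocalFiles { get; set; } = false;`) and documenting that restores from local file paths stay disabled unless an operator opts in. Note also that this hunk only introduces the option class; the destination checks for remote URLs (internal ranges, metadata endpoint, scheme allowlist) that the advisory text describes are not visible here and must live elsewhere in the commit.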
Source: GitHub Commit Update
Detection Methods for CVE-2026-41170
Indicators of Compromise
- Unusual outbound HTTP requests from the Squidex application server to internal IP addresses or cloud metadata endpoints
- Backup restore job requests with URLs targeting 169.254.169.254, localhost, or private IP ranges
- Unexpected requests to internal services from the CMS application tier
- Administrator audit logs showing restore operations with suspicious external or internal URLs
Detection Strategies
- Implement network monitoring to detect HTTP requests from the Squidex server to internal IP ranges that should not be directly accessible
- Configure web application firewalls (WAF) to alert on requests containing internal IP addresses or cloud metadata URLs in POST bodies
- Review application logs for PostRestoreJob endpoint calls with non-standard backup URLs
- Deploy egress filtering rules and alert when the application attempts to connect to restricted network segments
Monitoring Recommendations
- Enable detailed logging for all backup and restore operations within Squidex
- Monitor outbound network connections from the Squidex application container or host for anomalous destinations
- Implement alerting for any requests to cloud metadata endpoints (169.254.169.254) from application servers
- Regularly audit administrator accounts and their activity logs for suspicious restore operations
How to Mitigate CVE-2026-41170
Immediate Actions Required
- Upgrade Squidex to version 7.23.0 or later immediately to address this vulnerability
- Audit administrator accounts and revoke access for any accounts that are no longer needed or may be compromised
- Review backup restore logs for any suspicious activity that may indicate exploitation attempts
- Implement network-level egress filtering to block requests from the Squidex server to internal IP ranges and cloud metadata endpoints
Patch Information
The vulnerability has been fixed in Squidex version 7.23.0. The patch introduces the BackupOptions configuration class with controls for backup restoration behavior. Security fixes were implemented across multiple components as tracked in GitHub Security Advisory GHSA-6q6m-7h5j-jq4g. The specific commit addressing this issue can be reviewed at the GitHub Commit Update.
Workarounds
- Restrict administrator access to trusted users only and implement multi-factor authentication for admin accounts
- Deploy network segmentation to limit what internal resources the Squidex application server can reach
- Configure egress firewall rules to block the Squidex application from accessing cloud metadata endpoints and internal network ranges
- Consider disabling the backup restore functionality if not operationally required until the patch can be applied
# Example iptables rules to block SSRF targets from the application server.
# The owner match scopes each rule to the account Squidex runs as (SQUIDEX_USER is a
# placeholder). Without it the loopback rule would cut every process on the host off
# from 127.0.0.0/8. -A appends, so an earlier ACCEPT rule in OUTPUT would take precedence.
SQUIDEX_USER=squidex   # placeholder: replace with the real service account
# Block cloud metadata endpoint
iptables -A OUTPUT -m owner --uid-owner "$SQUIDEX_USER" -d 169.254.169.254 -j DROP
# Block common internal ranges (adjust based on your network)
iptables -A OUTPUT -m owner --uid-owner "$SQUIDEX_USER" -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -m owner --uid-owner "$SQUIDEX_USER" -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -m owner --uid-owner "$SQUIDEX_USER" -d 192.168.0.0/16 -j DROP
iptables -A OUTPUT -m owner --uid-owner "$SQUIDEX_USER" -d 127.0.0.0/8 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.