9.8
CVE-2026-30118: Scalar Astro v0.1.13 exposes sensitive data to attackers
CVE-2026-30118
Summary
The Scalar Astro proxy endpoint can be tricked into sending requests to malicious URLs, potentially exposing sensitive information like authentication cookies. This could allow unauthorized access to the system. Update to the latest version to fix this issue.
Original title
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attacke...
Original description
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to authentication cookies and headers exposure and possible privilege escalation.
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 19 May 2026 · Updated: 28 May 2026 · First seen: 19 May 2026
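Mitigation sketch
The description above comes down to a proxy that takes its target from scalar_url and forwards the caller's cookies and headers to it. The following is an added example, not code from scalar/astro: it shows an origin allowlist plus credential-header stripping for such a route, and ALLOWED_ORIGINS, the function names and the sample hosts are assumptions.

```javascript
// Added example: hypothetical guard for a proxy route that takes its target
// from a scalar_url query parameter. ALLOWED_ORIGINS and all function names
// are assumptions, not identifiers from scalar/astro.
const ALLOWED_ORIGINS = new Set(['https://api.example.com']); // constructed value

// Headers that carry the caller's credentials and must not be forwarded
// to a target chosen by the request.
const CREDENTIAL_HEADERS = new Set(['cookie', 'authorization', 'proxy-authorization']);

// Return a parsed URL if the requested target is on the allowlist, else null.
function resolveProxyTarget(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get('scalar_url');
  if (!raw) return null;
  let target;
  try {
    target = new URL(raw); // rejects relative and malformed values
  } catch {
    return null;
  }
  if (target.protocol !== 'https:') return null;
  if (target.username || target.password) return null; // no userinfo in targets
  // URL.origin is normalized (lowercase host, default port removed), so a
  // look-alike host such as api.example.com.attacker.test does not match.
  return ALLOWED_ORIGINS.has(target.origin) ? target : null;
}

// Copy request headers, dropping the ones that carry credentials.
function outboundHeaders(incoming) {
  const out = {};
  for (const [name, value] of Object.entries(incoming)) {
    if (!CREDENTIAL_HEADERS.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Decide what the proxy would do, without performing any network request.
function planProxyRequest(requestUrl, incomingHeaders) {
  const target = resolveProxyTarget(requestUrl);
  if (!target) return { status: 400, reason: 'scalar_url not allowed' };
  return { status: 200, url: target.href, headers: outboundHeaders(incomingHeaders) };
}
```

When the planned request is actually sent with fetch, pass redirect: 'manual' so an allowlisted host cannot bounce the request to another origin.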