CVE-2026-45568: zrok Python ProxyShare allows attackers to access internal servers
GHSA-jh67-hwqw-m5r7
CVE-2026-45568
Summary
The ProxyShare feature in the zrok Python SDK allows attackers to bypass the share's configured target and reach internal servers by placing an absolute URL in the request path. This could lead to unauthorized access to sensitive data or systems. To fix this, update the zrok Python SDK to a version that prevents absolute URL paths from being used in the ProxyShare feature.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | zrok | >= 0.4.47, <= 1.1.11 |
Original title
zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
Original description
## Summary
Alice exposes a Python SDK `ProxyShare` with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to `urllib.parse.urljoin`, which replaces Alice's configured target host with Bob's host and returns the server-side response to Bob.
## Details
The Python SDK proxy route accepts every path under the share:
```python
@app.route('/', defaults={'path': ''}, methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'])
@app.route('/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'])
def proxy(path):
```
It constructs the outbound URL with `urljoin` and then sends the request:
```python
# `path` is attacker-controlled; if it is an absolute URL, urljoin discards self.target entirely
url = urllib.parse.urljoin(self.target, path)
resp = requests.request(
    method=request.method,
    url=url,
    headers={key: value for (key, value) in request.headers
             if key.lower() not in HOP_BY_HOP_HEADERS},
    data=request.get_data(),
    cookies=request.cookies,
    allow_redirects=False,
    stream=True,
    verify=self.verify_ssl
)
```
When `path` is `http://127.0.0.1:19190/metadata`, `urljoin(self.target, path)` returns `http://127.0.0.1:19190/metadata`. The proxy sends the request to Bob's chosen URL rather than Alice's target.
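The following is an added example, not zrok's code: it reproduces the `urljoin` behaviour described above for several input shapes (a normal relative path, an absolute URL, a scheme-relative `//host/...` path, and a `..` climb) and puts beside it a URL builder that pins the outbound request to the configured target's scheme, host, port and path prefix. `TARGET`, `naive_build`, `build_proxied_url` and `classify` are names chosen for this example; the target URL and request paths are constructed test data.

```python
# Added example for this advisory; it is not zrok's code. It shows why
# urljoin(self.target, path) is unsafe when `path` is attacker-controlled,
# and a replacement builder that refuses to leave the configured origin.
from urllib.parse import urljoin, urlsplit, urlunsplit

# Hypothetical fixed target standing in for ProxyShare's self.target.
TARGET = "http://app.internal:8080/api/"


def naive_build(target: str, path: str) -> str:
    """The pattern the advisory describes: when `path` is itself an
    absolute URL, urljoin returns it and `target` is ignored."""
    return urljoin(target, path)


def build_proxied_url(target: str, path: str) -> str:
    """Join `path` onto `target` while pinning scheme, host, port and path prefix.

    `path` is what Flask's <path:path> converter yields, i.e. without the
    leading slash. Raises ValueError on anything that would change the
    outbound origin or escape the target's path prefix.
    """
    base = urlsplit(target)
    if not base.scheme or not base.netloc:
        raise ValueError("target must be an absolute URL")
    # Normalise the target so relative joins land under its path, not beside it.
    base_path = base.path if base.path.endswith("/") else base.path + "/"
    base = base._replace(path=base_path)

    # Fail fast on inputs that carry their own scheme or authority
    # ("http://...", "//host/...", "mailto:...").
    probe = urlsplit(path)
    if probe.scheme or probe.netloc:
        raise ValueError(f"absolute URL rejected in path: {path!r}")

    candidate = urlsplit(urljoin(urlunsplit(base), path))
    # Whatever urljoin produced must still be same-origin as the target...
    if (candidate.scheme, candidate.netloc) != (base.scheme, base.netloc):
        raise ValueError(f"origin changed: {path!r}")
    # ...and must not have climbed out of the target prefix via "..".
    if not candidate.path.startswith(base_path):
        raise ValueError(f"path escaped target prefix: {path!r}")
    return urlunsplit(candidate)


def classify(target: str, path: str) -> str:
    """Return 'proxied' or 'blocked' for a request path under the hardened builder."""
    try:
        build_proxied_url(target, path)
        return "proxied"
    except ValueError:
        return "blocked"


if __name__ == "__main__":
    # Constructed request paths: one legitimate, three hostile.
    for p in ["users/1",
              "http://127.0.0.1:19190/metadata",
              "//169.254.169.254/latest/meta-data/",
              "../../admin"]:
        print(f"{p!r:42} naive    -> {naive_build(TARGET, p)}")
        print(f"{'':42} hardened -> {classify(TARGET, p)}")
```

The origin check on the final URL, rather than only the up-front scheme/authority probe, is deliberate: it catches any encoding or parsing quirk that slips past the probe but still changes where `requests` connects. The builder is conservative in one respect worth knowing: a first path segment containing a colon (for example `a:b/c`) parses with a scheme and is rejected, which matches RFC 3986's requirement that such a segment be written as `./a:b`.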
Severity
CVSS 4.0 (GHSA): 9.9
Vulnerability type
CWE-22
Path Traversal
Published: 19 May 2026 · Updated: 19 May 2026 · First seen: 19 May 2026