CVE-2026-54300— @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-54300
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config
Source: NVD (National Vulnerability Database)
Vulnerability Description
@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro's canonical matcher. A single wildcard hostname such as *.example.com is converted to an optional subdomain regex, so the apex host matches. A single wildcard pathname such as /ok/* is converted without end anchoring, so deeper paths match by prefix. This vulnerability is fixed in 7.0.13.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-54300
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-54300
请登录查看更多情报信息。
Other References for CVE-2026-54300 (1)
Same Patch Batch · withastro · 2026-06-22 · 4 CVEs total
| CVE-2026-54299 | 7.5 HIGH | Astro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPa |
| CVE-2026-50146 | 7.1 HIGH | Astro: Reflected XSS via unescaped slot name |
| CVE-2026-54298 | 4.2 MEDIUM | Astro: XSS via Unescaped Attribute Names in Spread Props |
IV. Related Vulnerabilities
Same product: astro
- CVE-2026-54299
Astro: Host-header full-read SSRF in core prerendered error- - CVE-2026-54298
Astro: XSS via Unescaped Attribute Names in Spread Props - CVE-2026-50146
Astro: Reflected XSS via unescaped slot name - CVE-2026-45028
Astro: Server island encrypted parameters vulnerable to cros - CVE-2026-41248
Official Clerk JavaScript SDKs: Middleware-based route prot
Same vendor: withastro
- CVE-2026-54299
Astro: Host-header full-read SSRF in core prerendered error- - CVE-2026-54298
Astro: XSS via Unescaped Attribute Names in Spread Props - CVE-2026-50146
Astro: Reflected XSS via unescaped slot name - CVE-2026-45028
Astro: Server island encrypted parameters vulnerable to cros - CVE-2026-41322
@astrojs/node: Cache Poisoning due to incorrect error handli
Same weakness: CWE-918
- CVE-2026-28385
SSRF via image import from URL allows internal network probi - CVE-2026-56663
AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP v - CVE-2026-57627
WordPress Kirki plugin <= 6.0.11 - Server Side Request Forge - CVE-2026-56026
WordPress utm.codes plugin <= 1.9.0 - Server Side Request Fo - CVE-2026-4339
SSRF via unvalidated attachment URLs in Mattermost Agents pl
V. Comments for CVE-2026-54300
No comments yet