Vulnerability Details - Title: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host - Affected Versions: - - - Patched Versions: - - - CVE ID: CVE-2026-25492 - Severity: Moderate Summary - The save_images_Asset GraphQL mutation can be exploited to download an image from an attacker-controlled domain that resolves to a sensitive internal IP address via an A record. The attacker’s URL can bypass validation checks when using a file extension. Impact - This allows attackers to exfiltrate sensitive data from the host, including AWS credentials, if the host is an AWS EC2 instance. Preconditions - GraphQL access must be enabled. - The attacker must possess a GraphQL token with permissions to execute the save_images_Asset mutation. - must be an allowed file extension. PoC - A sample Python script demonstrates how to make a GraphQL mutation call to save_images_Asset and retrieve sensitive data.