CVE-2026-27829 — MEDIUM (6.5)

Q: How severe is CVE-2026-27829?

CVE-2026-27829 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-27829?

Check the references section above for vendor advisories and patch information. Affected products include: Astro \@Astrojs\/Node.

Vulnerability Description

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed — the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Astro	\@Astrojs\/Node	>= 9.0.0, < 9.5.4

Related Weaknesses (CWE)

CWE-918

References

https://github.com/withastro/astro/commit/e01e98b063e90d274c42130ec2a60cc0966622Patch
https://github.com/withastro/astro/security/advisories/GHSA-cj9f-h6r6-4cx2ExploitVendor Advisory

FAQ

What is CVE-2026-27829?

CVE-2026-27829 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content ...

How severe is CVE-2026-27829?

CVE-2026-27829 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-27829?

Check the references section above for vendor advisories and patch information. Affected products include: Astro \@Astrojs\/Node.