CVE-2026-40072
Server-Side Request Forgery in web3.py CCIP Read Implementation
Publication date: 2026-04-09
Last updated on: 2026-04-09
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| python_software_foundation | web3.py | From 6.0.0b3 (inc) to 7.15.0 (exc) |
| python_software_foundation | web3.py | 7.15.0 |
| python_software_foundation | web3.py | 8.0.0b2 |
| ethereum | web3.py | From 6.0.0b3 (inc) to 7.15.0 (exc) |
| ethereum | web3.py | From 8.0.0b1 (inc) |
| ethereum | web3.py | to 7.15.0 (inc) |
| ethereum | web3.py | to 8.0.0b2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-40072 is a Server-Side Request Forgery (SSRF) vulnerability in the web3.py library, which is used to interact with the Ethereum blockchain using Python. The vulnerability arises because web3.py performs HTTP requests to URLs provided directly by smart contracts during CCIP Read / OffchainLookup operations without validating these URLs.
Specifically, from versions 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py uses contract-supplied URLs as-is (after simple template substitution) without checking if the destination is safe or allowed. Since CCIP Read is enabled by default, any application using web3.py's .call() method is exposed to SSRF risks without explicit opt-in.
This means a malicious contract can cause the web3.py process to send HTTP requests to arbitrary destinations, including internal network services or cloud metadata endpoints, potentially exposing sensitive internal resources.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker controlling a malicious smart contract to induce your backend services using web3.py to make HTTP requests to arbitrary internal or external destinations.
- Unauthorized access to internal network services, including loopback addresses and private IP ranges.
- Access to cloud metadata endpoints, such as AWS IMDS, which can expose sensitive credentials or configuration.
- Network reconnaissance by probing internal network topology, open ports, and triggering side effects on internal APIs.
- Blind SSRF attacks where the attacker cannot see the response but can cause requests to be sent, potentially triggering harmful actions.
- Amplification of SSRF attacks via redirects, since the vulnerable versions follow HTTP redirects without validation.
- Potential triggering of state-changing operations on internal services via POST requests with attacker-controlled JSON bodies.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unexpected HTTP requests originating from backend services using web3.py, especially requests to internal or cloud metadata endpoints triggered by contract calls.
A proof of concept involves running a local HTTP server to detect SSRF requests triggered by malicious OffchainLookup payloads containing URLs pointing to local addresses such as http://127.0.0.1:9999/.
Suggested commands include setting up a local HTTP server (e.g., using Python's built-in HTTP server) and monitoring logs for incoming requests that indicate SSRF attempts.
- Start a local HTTP server to catch SSRF requests: `python3 -m http.server 9999`
- Monitor network traffic or logs for unexpected outbound HTTP requests from your web3.py backend to internal IP ranges such as 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or cloud metadata IPs like 169.254.169.254.
- Use network monitoring tools (e.g., tcpdump, Wireshark) to capture HTTP requests from the application process.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading web3.py to versions 7.15.0 or 8.0.0b2 where the vulnerability is fixed by enforcing strict URL validation and request handling.
If upgrading is not immediately possible, configure the provider to restrict CCIP Read requests by:
- Enabling URL scheme validation to allow only HTTPS URLs (disallow HTTP by default).
- Blocking requests to private or reserved IP ranges such as 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and cloud metadata IPs.
- Disabling automatic following of HTTP redirects (`allow_redirects=False`) to prevent redirect-based SSRF amplification.
- Using the `ccip_read_url_validator` callback to implement custom URL validation policies.
Additionally, consider disabling CCIP Read functionality in server-side contexts or restricting usage to trusted contracts only.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-40072 is a Server-Side Request Forgery (SSRF) vulnerability in the web3.py library that allows attackers to induce HTTP requests from backend services to arbitrary internal or external endpoints, including cloud metadata services and internal network resources.
This vulnerability can lead to unauthorized access to sensitive internal resources and network reconnaissance, which may result in exposure of confidential data or unauthorized actions within internal systems.
Such unauthorized access and potential data exposure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive data, as well as protection against unauthorized internal network access.
Therefore, organizations using vulnerable versions of web3.py without mitigation may face increased risk of non-compliance due to potential data breaches or unauthorized internal access stemming from this SSRF vulnerability.