CVE-2026-30117
Arbitrary File Upload in Scalar Astro via SVG
Publication date: 2026-05-19
Last updated on: 2026-05-20
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| scalar | astro | 0.1.13 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in scalar/astro v0.1.13 is an arbitrary file upload issue reported in the scalar_url query parameter of the Scalar Proxy endpoint.
An attacker can supply a specially crafted SVG file through that parameter; the entry is classified as CWE-94 (code injection), so the crafted SVG is treated as a vector for executing attacker-controlled code.
The entry does not describe the exact mechanism or where that code runs. Two facts about SVG matter when assessing it: SVG is an XML document format that can carry script elements, event-handler attributes and javascript: links, and a browser executes those when it renders the SVG as a document (a top-level navigation, an object or an iframe element), though not when the file is displayed through an img element. An SVG relayed by a proxy and rendered from the application's own origin therefore runs in that origin's security context.
How can this vulnerability impact me?
The reported outcome is execution of attacker-supplied code. Whether that means control of the server hosting the endpoint or control of the browser sessions of users who render the proxied SVG depends on the execution context, which the entry does not specify; in the worst case an attacker takes control of the affected system.
Either outcome can be used to compromise data, disrupt services, or move further into the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in scalar/astro v0.1.13 allows arbitrary file upload leading to code execution, which can result in unauthorized access, data breaches, and system compromise.
Such security breaches can affect compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintenance of system integrity.
Failure to mitigate this vulnerability could lead to violations of these regulations through exposure or manipulation of protected data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an arbitrary file upload via the scalar_url query parameter in the Scalar Proxy endpoint, allowing attackers to supply crafted SVG files that can lead to arbitrary code execution.
To detect exploitation attempts, monitor requests to the Scalar Proxy endpoint and look for scalar_url values that point at, or directly embed, SVG content: a .svg path, an image/svg+xml media type, a data: URI, or inline svg/script markup in the decoded parameter value.
No specific detection commands are provided in the available resources; general approaches include:
- Searching web server or reverse proxy access logs for requests containing the scalar_url parameter and inspecting the decoded value; the query string is normally recorded percent-encoded, so decode it before matching.
- Network capture tools (e.g., tcpdump, Wireshark) only show the parameter where traffic is in the clear; if the endpoint is served over TLS, capture at the TLS-terminating proxy or rely on its logs instead.
- Employing web application firewall (WAF) rules to flag and block scalar_url values that reference SVG content or hosts outside an expected allow-list.
- Running custom scripts or vulnerability scanners against systems you are authorized to test: a harmless SVG with no script content is enough to confirm whether the endpoint relays it with a renderable content type.
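The log-search approach above, as an added example (not code from the Scalar project or from the advisory): a Node script that walks "combined"-format access lines, percent-decodes the scalar_url parameter, and reports requests whose value points at or embeds SVG content or at a host outside an allow-list. The endpoint path (/scalar-proxy), the allow-listed host and the log lines are constructed for the example.

```javascript
// Added example, not Scalar project code: scan access logs for scalar_url
// values that reference SVG content. Log lines, endpoint path and the
// allow-listed host below are constructed for this example.

// Constructed sample log lines. A real server records the raw request line,
// so the query string is still percent-encoded here.
const SAMPLE_LOG = [
  '203.0.113.7 - - [19/May/2026:10:00:01 +0000] "GET /scalar-proxy?scalar_url=https%3A%2F%2Fapi.example.com%2Fopenapi.json HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
  '198.51.100.23 - - [19/May/2026:10:02:14 +0000] "GET /scalar-proxy?scalar_url=https%3A%2F%2Fevil.example%2Fpayload.svg HTTP/1.1" 200 912 "-" "curl/8.5.0"',
  '198.51.100.23 - - [19/May/2026:10:02:20 +0000] "GET /scalar-proxy?scalar_url=data%3Aimage%2Fsvg%2Bxml%3Bbase64%2CPHN2ZyB4bWxucz0i HTTP/1.1" 200 912 "-" "curl/8.5.0"',
  '203.0.113.9 - - [19/May/2026:10:05:00 +0000] "GET /docs/ HTTP/1.1" 200 15032 "-" "Mozilla/5.0"',
].join('\n');

// Hosts the proxy is expected to fetch API descriptions from (assumption).
const ALLOWED_HOSTS = ['api.example.com'];

// ip ident user [time] "method target protocol" status ...
const COMBINED_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /;

// Pull the scalar_url value out of the request target and percent-decode it.
// The query is split by hand instead of with URLSearchParams so a literal '+'
// survives (URLSearchParams turns it into a space and would hide "svg+xml").
function extractScalarUrl(target) {
  const q = target.indexOf('?');
  if (q === -1) return null;
  for (const pair of target.slice(q + 1).split('&')) {
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    if (key !== 'scalar_url') continue;
    const raw = eq === -1 ? '' : pair.slice(eq + 1);
    try { return decodeURIComponent(raw); } catch { return raw; }
  }
  return null;
}

// Indicators for one decoded scalar_url value; an empty list means nothing notable.
function classifyScalarUrl(value, allowedHosts) {
  const indicators = [];
  let parsed = null;
  try { parsed = new URL(value); } catch { parsed = null; }
  if (parsed === null) indicators.push('unparseable');
  else if (parsed.protocol === 'data:') indicators.push('data-uri');
  else if (!allowedHosts.includes(parsed.hostname)) indicators.push('host-not-allowlisted');

  const lower = value.toLowerCase();
  if (/image\/svg\+xml|\.svg([?#]|$)/.test(lower)) indicators.push('svg');
  if (/<\s*(svg|script)\b/.test(lower)) indicators.push('inline-markup');
  return indicators;
}

// Walk the log and return one finding per request that has at least one indicator.
function scanLog(logText, allowedHosts) {
  const findings = [];
  for (const line of logText.split('\n')) {
    const m = COMBINED_RE.exec(line);
    if (!m) continue;
    const [, clientIp, timestamp, method, target, status] = m;
    const scalarUrl = extractScalarUrl(target);
    if (scalarUrl === null) continue;
    const indicators = classifyScalarUrl(scalarUrl, allowedHosts);
    if (indicators.length > 0) {
      findings.push({ clientIp, timestamp, method, status, scalarUrl, indicators });
    }
  }
  return findings;
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanLog(SAMPLE_LOG, ALLOWED_HOSTS)) {
    console.log(`${f.timestamp} ${f.clientIp} ${f.method} ${f.status} [${f.indicators.join(',')}] ${f.scalarUrl}`);
  }
}
```

On the sample above the first request (a JSON spec from the allow-listed host) produces no finding; the second is flagged for a non-allow-listed host and an .svg path, the third for a data: URI carrying image/svg+xml. Point the script at your own log by replacing SAMPLE_LOG with the file contents; the host allow-list is the one setting you must adapt, since every host not on it is reported.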
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling file uploads via the scalar_url query parameter in the Scalar Proxy endpoint.
Additional recommended actions are:
- Implement strict validation of what the parameter may reference (https only, an allow-list of hosts) and of what the proxy relays back (only API description media types such as JSON or YAML, never image/svg+xml or HTML), and check the response body rather than trusting the upstream Content-Type.
- Serve whatever is relayed with X-Content-Type-Options: nosniff and a restrictive Content-Security-Policy, so that a browser never executes script from proxied content even if it is opened directly.
- Apply patches or updates provided by the software vendor once available; the entry lists 0.1.13 as affected and does not name a fixed version.
- Use web application firewalls (WAFs) to block malicious requests targeting this parameter.
- Monitor logs for suspicious activity related to the scalar_url parameter and SVG content.
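The validation and response hardening listed above, as an added example: these are not Scalar's code and not the vendor's fix, but the checks a proxy endpoint that takes a URL in a query parameter such as scalar_url should apply before fetching and before relaying. They are written as plain functions that can sit in front of an Astro/Node request handler. The allow-listed host, the accepted media types and the stub upstream are assumptions made for the example.

```javascript
// Added example, not Scalar project code: allow-list the target, refuse to
// relay anything a browser would render, and send non-rendering headers.
// Host names, media types and the stub upstream below are assumptions.

const ALLOWED_SPEC_HOSTS = new Set(['api.example.com']);

// Media types an API-reference proxy has a reason to relay. SVG, HTML and
// anything else a browser renders as a document are deliberately absent.
const ALLOWED_MEDIA_TYPES = new Set([
  'application/json',
  'application/vnd.oai.openapi+json',
  'application/yaml',
  'application/x-yaml',
  'text/yaml',
]);

// Step 1: reject the request before any fetch happens.
function validateScalarUrl(raw, allowedHosts) {
  if (typeof raw !== 'string' || raw.length === 0) return { ok: false, reason: 'missing scalar_url' };
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: 'not an absolute URL' }; }
  // https only: this also blocks data:, file:, javascript: and plain http:.
  if (url.protocol !== 'https:') return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  if (url.username !== '' || url.password !== '') return { ok: false, reason: 'credentials in URL' };
  if (!allowedHosts.has(url.hostname)) return { ok: false, reason: `host ${url.hostname} not allow-listed` };
  return { ok: true, url: url.href };
}

// Step 2: do not trust the upstream Content-Type; look at the first bytes too.
function looksLikeMarkup(body) {
  const head = String(body).slice(0, 1024).replace(/^\uFEFF/, '').trimStart().toLowerCase();
  return /^(<\?xml|<!doctype|<svg|<html)/.test(head) || /<script[\s>]/.test(head);
}

// Step 3: decide what the proxy sends back. `upstream` is {status, contentType, body}.
function hardenProxyResponse(upstream) {
  const mediaType = String(upstream.contentType || '').split(';')[0].trim().toLowerCase();
  const reject = (reason) => ({ status: 415, headers: { 'Content-Type': 'text/plain; charset=utf-8' }, body: reason });
  if (!ALLOWED_MEDIA_TYPES.has(mediaType)) return reject(`upstream media type ${mediaType || '(none)'} is not relayed`);
  if (looksLikeMarkup(upstream.body)) return reject('upstream body looks like markup, not an API description');
  return {
    status: upstream.status,
    headers: {
      'Content-Type': `${mediaType}; charset=utf-8`,
      'X-Content-Type-Options': 'nosniff',                       // browser must not guess a renderable type
      'Content-Security-Policy': "default-src 'none'; sandbox",  // no script if the proxy URL is opened directly
      'Content-Disposition': 'attachment',                       // download, never render, on direct navigation
    },
    body: upstream.body,
  };
}

// Glue: the three steps in order. fetchUpstream(url) is injected so the example
// runs offline; a real handler passes a thin wrapper around fetch().
async function handleProxyRequest(searchParams, fetchUpstream) {
  const check = validateScalarUrl(searchParams.get('scalar_url'), ALLOWED_SPEC_HOSTS);
  if (!check.ok) return { status: 400, headers: { 'Content-Type': 'text/plain; charset=utf-8' }, body: check.reason };
  return hardenProxyResponse(await fetchUpstream(check.url));
}

// Constructed stub standing in for the network: one honest JSON spec and one
// SVG that claims to be JSON (the body check catches the second).
async function stubUpstream(url) {
  if (url.endsWith('/openapi.json')) {
    return { status: 200, contentType: 'application/json; charset=utf-8', body: '{"openapi":"3.1.0"}' };
  }
  return { status: 200, contentType: 'application/json', body: '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>' };
}

if (typeof require !== 'undefined' && require.main === module) {
  (async () => {
    const queries = [
      'scalar_url=https://api.example.com/openapi.json',
      'scalar_url=https://api.example.com/logo.svg',
      'scalar_url=https://evil.example/payload.svg',
      'scalar_url=data:image/svg%2Bxml;base64,PHN2Zw',
    ];
    for (const q of queries) {
      const res = await handleProxyRequest(new URLSearchParams(q), stubUpstream);
      console.log(`${q} -> ${res.status} ${String(res.body).slice(0, 60)}`);
    }
  })();
}
```

The order matters: the host and scheme checks run before any network request, so a data: URI or a non-allow-listed host never reaches the fetch; the media-type and body checks run on whatever comes back, so an SVG served with a lying Content-Type is still refused; and the nosniff, CSP and Content-Disposition headers cover the residual case of a user opening the proxy URL directly in a browser.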