CVE-2026-45082
Status: Received - Intake
SSRF Protection Bypass in Karakeep via Redirect Chains

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: GitHub, Inc.

Description
Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass was identified in versions prior to 0.32.0, in the components that follow HTTP redirects. The application implements checks intended to prevent outbound requests to internal or private network destinations, but those checks could be bypassed with crafted HTTP redirect chains: an authenticated user could submit a URL on a server they control and have that server redirect the application's request to Docker network services that are reachable from the application environment. Multiple processing paths were affected, including crawler-related functionality and the video download flow. Version 0.32.0 contains a patch.
Meta Information
Published: 2026-05-26
Last Modified: 2026-05-26
Generated: 2026-05-26
AI Q&A: 2026-05-26
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: karakeep
Product: karakeep
Version / Range: all versions before 0.32.0 (0.32.0 itself excluded)
CWE-918: Server-Side Request Forgery (SSRF). The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Server-Side Request Forgery (SSRF) protection bypass in Karakeep versions prior to 0.32.0. Karakeep is a self-hostable bookmark-everything app. The application checks the URL it is asked to fetch against rules that block internal and private destinations, but when the fetched server answers with an HTTP redirect, the redirect destination is not consistently validated. An attacker-controlled redirect chain can therefore steer the request past the check.

An authenticated user can exploit this by submitting a URL on a server they control and having it redirect to services on the internal Docker network, which are normally reachable only from the application's environment. Multiple processing paths are affected, including crawler-related functions and video download processing.

The vulnerability was patched in version 0.32.0.


How can this vulnerability impact me?

Exploiting this vulnerability allows an authenticated attacker to bypass the SSRF protections and make the application send requests to internal services that are not exposed externally. Possible consequences include:

  • Exposure of internal APIs and services on the Docker network, such as Meilisearch or a headless Chrome debugging interface.
  • Access to internal-only endpoints, which could lead to information disclosure or further attacks against other hosts reachable from the application.
  • Compromise of infrastructure components the application depends on, such as its search and browser automation services.

Because the attack requires only low privileges (an authenticated account) and no user interaction, it poses a significant risk to the confidentiality and availability of internal resources.


What immediate steps should I take to mitigate this vulnerability?

Upgrade Karakeep to version 0.32.0 or later; that release contains the patch for the SSRF protection bypass.

Additionally, restrict which internal Docker network services are reachable from the application environment, and review any processing paths that handle HTTP redirects, especially the crawler and video download functionality, to make sure every redirect destination is validated with the same rules as the originally submitted URL, not just the first request.
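The redirect-chain bypass described in the explanation above, and the "validate every redirect destination" mitigation, are easier to see in code. The following is an added example written for this page; it is not Karakeep's own code and not its patch. It places a redirect follower that validates only the submitted URL (the vulnerable pattern) beside one that re-runs the same check on every hop, and drives both with a constructed DNS table and constructed HTTP responses so it runs offline. The hostnames attacker.example, meilisearch and chrome, their addresses on a 172.18.0.0/16 Docker network, and the ports are all assumptions made for the example.

```javascript
// Added example (not Karakeep's code): SSRF check applied once vs. on every redirect hop.

// Address ranges an outbound fetcher should refuse: "this" network, RFC 1918,
// CGNAT, loopback, link-local (covers cloud metadata 169.254.169.254).
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Parse a dotted-quad IPv4 address into an unsigned 32-bit number; null if it is not IPv4.
function ipv4ToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

function isBlockedIp(ip) {
  const n = ipv4ToInt(ip);
  if (n === null) {
    // IPv6: refuse loopback, unspecified, unique-local and link-local (minimal handling for the example).
    const v6 = ip.toLowerCase();
    return v6 === "::1" || v6 === "::" || /^f[cd]/.test(v6) || v6.startsWith("fe80");
  }
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0);
  });
}

// Constructed DNS table standing in for dns.lookup(): the attacker's host is public,
// the service names are assumed Docker Compose names on an assumed 172.18.0.0/16 network.
const DNS = { "attacker.example": "203.0.113.10", "meilisearch": "172.18.0.3", "chrome": "172.18.0.4" };
function resolve(host) {
  const isLiteral = ipv4ToInt(host) !== null || host.includes(":");
  return isLiteral ? host : (DNS[host] ?? null);
}

// The SSRF check: scheme, hostname, and the address the hostname resolves to.
function validateUrl(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return { ok: false, reason: "unparsable URL" }; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return { ok: false, reason: `scheme ${u.protocol} not allowed` };
  const host = u.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (host === "localhost" || host.endsWith(".localhost")) return { ok: false, reason: "localhost not allowed" };
  const addr = resolve(host);
  if (addr === null) return { ok: false, reason: `cannot resolve ${host}` };
  if (isBlockedIp(addr)) return { ok: false, reason: `${host} resolves to blocked address ${addr}` };
  return { ok: true, url: u, addr };
}

// Constructed HTTP responses standing in for the network. The attacker's server
// redirects (absolute and relative) into the Docker network; internal services answer directly.
const RESPONSES = {
  "http://attacker.example/bookmark": { status: 302, location: "http://meilisearch:7700/indexes" },
  "http://attacker.example/hop1": { status: 302, location: "/hop2" },
  "http://attacker.example/hop2": { status: 302, location: "http://chrome:9222/json/version" },
  "http://attacker.example/ok": { status: 200, body: "public page" },
  "http://meilisearch:7700/indexes": { status: 200, body: "meilisearch index listing" },
  "http://chrome:9222/json/version": { status: 200, body: "chrome devtools endpoint" },
};
function request(url) { return RESPONSES[url] ?? { status: 404, body: "" }; }
function isRedirect(res) { return res.status >= 300 && res.status < 400 && typeof res.location === "string"; }

// Vulnerable pattern: check the submitted URL once, then follow redirects blindly,
// which is what an HTTP client with automatic redirect following does for you.
function naiveFetch(rawUrl, maxHops = 5) {
  const first = validateUrl(rawUrl);
  if (!first.ok) return { blocked: true, reason: first.reason };
  let current = first.url.href;
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = request(current);
    if (!isRedirect(res)) return { blocked: false, finalUrl: current, body: res.body };
    current = new URL(res.location, current).href; // no re-validation of the new destination
  }
  return { blocked: true, reason: "too many redirects" };
}

// Hardened pattern: follow redirects manually and re-run the same check on every hop.
function safeFetch(rawUrl, maxHops = 5) {
  let current = rawUrl;
  for (let hop = 0; hop <= maxHops; hop++) {
    const check = validateUrl(current);
    if (!check.ok) return { blocked: true, reason: `hop ${hop}: ${check.reason}` };
    const res = request(check.url.href);
    if (!isRedirect(res)) return { blocked: false, finalUrl: check.url.href, body: res.body };
    current = new URL(res.location, check.url).href;
  }
  return { blocked: true, reason: "too many redirects" };
}
```

With these inputs, naiveFetch blocks a direct request to 127.0.0.1 but happily returns the Meilisearch and Chrome DevTools bodies once an attacker.example redirect points there, while safeFetch rejects the chain at the first hop that resolves into the blocked range. In a real client the resolver is dns.lookup with all: true and every returned address must pass; the connection should also be pinned to the address that was checked, otherwise a DNS answer that changes between the check and the connect defeats it. With the WHATWG fetch API, redirect: "manual" is what stops the client from following redirects on its own; paths that delegate fetching to a headless browser or an external download tool follow redirects inside that tool, so for those the check has to be enforced at the proxy or network layer rather than in the HTTP client.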

