Swagger.json files are JSON documents that describe REST API endpoints and metadata, facilitating developer interaction with APIs. Attackers scan for these files because they provide a roadmap of API features and can disclose information about the underlying application, which may help in finding vulnerabilities. The Internet Storm Center observed continuous and widespread scanning activity targeting common swagger.json URL paths. This activity highlights the security risk of inadvertently exposing swagger.json files publicly. The threat is not a software vulnerability but an information exposure risk due to misconfiguration or improper access controls.

Exposure of swagger.json files can reveal detailed API structure and metadata, which may assist attackers in reconnaissance and identifying potential attack vectors. However, swagger.json files themselves do not contain executable code vulnerabilities. The impact depends on whether the exposed API endpoints have vulnerabilities or sensitive data accessible through them. There are no known exploits in the wild specifically targeting swagger.json files, but their availability increases the attack surface.

There is no patch applicable as this is not a software vulnerability but an exposure risk. Organizations should proactively scan their environments to detect publicly accessible swagger.json files and restrict access to them appropriately. Access controls, authentication, and network segmentation should be applied to prevent unauthorized access to API documentation files. Developers should avoid publishing swagger.json files in publicly accessible locations unless necessary and ensure that sensitive API details are not exposed. Regular security reviews of API exposure are recommended.