CVE-2026-25534: CWE-918: Server-Side Request Forgery (SSRF) in io.spinnaker.clouddriver clouddriver-artifacts
### Impact

Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) through the use of carefully crafted URLs. Note, Spinnaker found this not just in that CVE, but in the existing URL validations in Orca fromUrl expression handling. This CVE impacts BOTH artifacts as a result.

### Patches

This has been merged and will be available in versions 2025.4.1, 2025.3.1, 2025.2.4 and 2026.0.0.

### Workarounds

You can disable the various artifacts on this system to work around these limits.
AI Analysis
Technical Summary
CVE-2026-25534 is a critical Server-Side Request Forgery (SSRF) vulnerability identified in the io.spinnaker.clouddriver clouddriver-artifacts component of the Spinnaker continuous delivery platform. The vulnerability stems from insufficient URL validation logic that fails to correctly handle underscores in URLs when parsed by Java URL objects. This parsing flaw allows attackers to bypass prior URL validation protections, including those implemented for a previous vulnerability (CVE-2025-61916). The issue affects multiple versions of clouddriver-artifacts prior to patched releases 2025.2.4, 2025.3.1, 2025.4.1, and 2026.0.0. The vulnerability impacts both the clouddriver and Orca components due to shared URL validation logic.

Exploiting this SSRF flaw enables an attacker with limited privileges to craft malicious URLs that cause the server to make unauthorized HTTP requests to internal or external resources. This can lead to unauthorized data disclosure, partial service disruption, or further internal network reconnaissance. The vulnerability requires no user interaction and has a low attack complexity, but does require some level of privileges (PR:L). The CVSS v3.1 base score is 9.1, reflecting critical severity with high confidentiality impact, limited integrity impact, and some availability impact. No known exploits have been reported in the wild yet.

Spinnaker has released patches in the specified versions to address this issue by improving URL validation logic. As a temporary mitigation, disabling artifact features that process user-supplied URLs can reduce risk. Given Spinnaker’s widespread use in cloud-native continuous delivery pipelines, this vulnerability poses a significant risk to organizations relying on these systems for software deployment and artifact management.
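A parsing mismatch of the kind described above can be seen with the JDK's own classes: `java.net.URI.getHost()` returns `null` when the host contains an underscore, while `java.net.URL.getHost()` still returns the name. The following is an added example, not Spinnaker's code or its patch, showing a host extraction step that fails closed on that case; `StrictUrlHost`, `hostForValidation` and the `.test` hostnames are hypothetical, and which parser Spinnaker's own check used is not stated on this page.

```java
import java.net.URI;
import java.net.URL;
import java.util.Locale;
import java.util.Set;

// Added example, not Spinnaker code. StrictUrlHost and hostForValidation are hypothetical names.
public class StrictUrlHost {
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    // Returns the host that allow/deny checks should inspect, or throws if parsing is ambiguous.
    static String hostForValidation(String raw) throws Exception {
        URI uri = new URI(raw);
        String scheme = uri.getScheme();
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("scheme not allowed");
        }
        // java.net.URI keeps an authority it cannot parse as user-info/host/port
        // (for example a host label containing '_') and reports getHost() == null.
        // parseServerAuthority() turns that silent null into a URISyntaxException.
        uri = uri.parseServerAuthority();
        String uriHost = uri.getHost();
        if (uriHost == null || uriHost.isEmpty()) {
            throw new IllegalArgumentException("no host component");
        }
        // An HTTP client may re-parse with java.net.URL; both parsers must agree.
        String urlHost = uri.toURL().getHost();
        if (!uriHost.equalsIgnoreCase(urlHost)) {
            throw new IllegalArgumentException("parsers disagree on host");
        }
        return uriHost.toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs using reserved .test names; nothing is resolved or fetched.
        String[] samples = {
            "https://artifacts.example.test/app.yml",
            "https://internal_service.example.test/app.yml",
        };
        for (String raw : samples) {
            System.out.println(raw);
            System.out.println("  URI.getHost() = " + new URI(raw).getHost());
            System.out.println("  URL.getHost() = " + new URI(raw).toURL().getHost());
            try {
                System.out.println("  validated host = " + hostForValidation(raw));
            } catch (Exception e) {
                System.out.println("  rejected: " + e.getMessage());
            }
        }
    }
}
```

The returned host is only the input to the real policy decision: it still has to be resolved and each resulting address checked against the ranges the service must not reach.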
Potential Impact
The SSRF vulnerability in Spinnaker’s clouddriver-artifacts can have severe consequences for organizations worldwide. By exploiting this flaw, attackers can induce the server to send crafted requests to internal or external systems, potentially bypassing network segmentation and firewall rules. This can lead to unauthorized access to sensitive internal services, leakage of confidential data, and reconnaissance of internal infrastructure. The partial integrity impact means attackers might manipulate artifact retrieval or deployment processes, potentially injecting malicious artifacts or disrupting deployment workflows. Availability impact, though limited, could result from resource exhaustion or denial of service conditions triggered by malicious requests. Organizations using Spinnaker in critical continuous delivery pipelines risk operational disruption and compromise of software supply chain integrity. The vulnerability’s ease of exploitation and high confidentiality impact make it attractive for attackers aiming to escalate privileges or pivot within cloud environments. The lack of required user interaction further increases the threat. Overall, this vulnerability threatens confidentiality, integrity, and availability of deployment pipelines and associated infrastructure, potentially leading to significant operational and reputational damage.
Mitigation Recommendations
To mitigate CVE-2026-25534, organizations should promptly apply the official patches released in Spinnaker versions 2025.2.4, 2025.3.1, 2025.4.1, and 2026.0.0, which address the URL validation bypass. Patch management processes should prioritize these updates due to the critical severity.

- As an immediate workaround, disabling artifact-related features that process user-supplied URLs can reduce exposure until patches are applied.
- Organizations should implement strict network segmentation and egress filtering to limit the ability of compromised services to reach sensitive internal resources.
- Monitoring and logging of outbound requests from clouddriver components can help detect anomalous SSRF attempts.
- Security teams should audit deployment pipelines for unusual artifact retrieval patterns and validate all user inputs rigorously.
- Employing Web Application Firewalls (WAFs) with SSRF detection rules can provide an additional layer of defense.
- Conducting regular security assessments of continuous delivery infrastructure and updating threat models to include SSRF risks will improve long-term resilience.
Affected Countries
United States, Germany, Japan, United Kingdom, Canada, Australia, France, Netherlands, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-02T19:59:47.373Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69b992ba771bdb1749c53e0f
Added to database: 3/17/2026, 5:43:22 PM
Last enriched: 3/17/2026, 5:59:07 PM
Last updated: 3/18/2026, 5:22:27 AM