CVE-2026-27829: CWE-918: Server-Side Request Forgery (SSRF) in withastro astro
Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` / `image.remotePatterns` restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an `inferSize` option that fetches remote images at render time to determine their dimensions. Remote image fetches are intended to be restricted to domains the site developer has manually authorized (using the `image.domains` or `image.remotePatterns` options). However, when `inferSize` is used, no domain validation is performed — the image is fetched from any host regardless of the configured restrictions. An attacker who can influence the image URL (e.g., via CMS content or user-supplied data) can cause the server to fetch from arbitrary hosts. This allows bypassing `image.domains` / `image.remotePatterns` restrictions to make server-side requests to unauthorized hosts. This includes the risk of server-side request forgery (SSRF) against internal network services and cloud metadata endpoints. Version 9.5.4 fixes the issue.
AI Analysis
Technical Summary
Astro's image pipeline lets a site declare which remote hosts its server may fetch images from, through the `image.domains` option (exact hostnames) and the `image.remotePatterns` option (protocol, hostname, port and pathname patterns); a remote `src` that matches neither is meant to be refused. In versions 9.0.0 through 9.5.3 the `inferSize` option, which fetches a remote image at render time so that its width and height can be read from the file, performed no such check, so a `src` that the allowlist would have rejected was fetched anyway. Wherever the image URL is derived from data an attacker can influence (CMS fields, user-supplied profile images, query parameters), this turns the renderer into an SSRF primitive (CWE-918): the server issues a GET to a host of the attacker's choosing, including internal services and cloud instance-metadata endpoints that are not reachable from outside. Two points bound the impact. First, the request originates wherever rendering happens: on the build runner or CI host for prerendered pages, on the SSR host for on-demand pages, so the reachable network differs between deployment modes. Second, the fetched body is used only to infer dimensions, so what the attacker observes directly is at most whether the fetch succeeded and whatever error text or timing the page exposes, not the raw response; reading credentials out of a metadata service therefore needs a further channel, while GET requests with side effects on internal services need none. The CVSS 3.1 base score is 6.5 (medium): network attack vector, low attack complexity, no privileges required, no user interaction. The issue was published on February 26, 2026 and is fixed in Astro 9.5.4. No in-the-wild exploitation had been reported at the time of writing.
Potential Impact
Sites on Astro 9.0.0 through 9.5.3 that render remote images with `inferSize` from attacker-influenced URLs expose whatever network the rendering host sits on. That host can typically reach internal HTTP services, administrative interfaces bound to private addresses, and cloud instance-metadata endpoints; an SSRF there is a classic pivot, and on platforms where the metadata service still answers plain unauthenticated GETs it is the usual first step toward stealing instance credentials. No authentication or user interaction is required beyond getting the URL into rendered content, which on a CMS-driven site may take nothing more than an editor account or a public submission form. Confidentiality is the primary concern, since the direct effect of the bug is an outbound request rather than a change to the site itself; the medium score reflects that the attacker chooses only the URL of a GET request, not its headers or body, and sees at most its outcome. The severity rises sharply where internal services act on unauthenticated GETs, or where a second flaw lets the response be read back.
Mitigation Recommendations
Upgrade to Astro 9.5.4 or later, where `inferSize` fetches are subject to the same `image.domains` / `image.remotePatterns` validation as the rest of the image pipeline; this is the only complete fix. Until then, stop passing `inferSize` for any component whose `src` can come from outside the repository, and supply explicit `width` and `height` (stored alongside the image in the CMS) instead, which removes the render-time fetch entirely. Independently of the framework, validate remote image URLs in your own code before they reach the image pipeline: parse the URL, require `http:` or `https:`, reject literal loopback, private and link-local addresses (169.254.169.254 in particular), and check the host against the same allowlist you configured, so that the framework's check is not the only one. Harden the rendering host's network as well: apply egress filtering so the build runner and the SSR process can only reach the CDN and origins they legitimately need, and on AWS require IMDSv2, whose session-token handshake a forwarded GET cannot complete. Monitor outbound connections from those hosts and alert on destinations outside the allowlist, especially metadata and RFC 1918 addresses. Finally, review every path by which CMS or user data becomes an image `src`, since that is the precondition for exploitation, and keep the framework on a patch cadence that picks up fixes like 9.5.4 promptly.
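One way to put the missing check into the site's own code, covering both the bypass described in the technical summary and the input-validation and log-monitoring recommendations above. This is an added example, not Astro's code and not code from the advisory. It assumes Node.js 18 or later, an allowlist in the shape of the `image.domains` / `image.remotePatterns` options, a constructed sample config and constructed egress-proxy log lines; the `*` / `**` wildcard handling is this example's own re-implementation of the documented matching rules, not Astro's matcher, and `checkRemoteImageUrl`, `isInternalAddress` and `flagEgressLog` are names invented here.

```javascript
// Added example for this advisory: not Astro's code and not from the advisory.
// Applies an allowlist in the shape of astro.config.mjs `image.domains` /
// `image.remotePatterns` to a remote image URL *before* it reaches the image
// pipeline (the check `inferSize` skipped in Astro 9.0.0-9.5.3) and adds a
// literal-address deny list the framework option never had. Wildcard handling
// is an assumption re-implemented for illustration, not Astro's matcher.
// Node.js 18+, no dependencies (WHATWG URL only).

// Constructed sample config, mirroring the `image` key of astro.config.mjs.
const imageConfig = {
  domains: ["cdn.example.com"],                       // exact hostnames only
  remotePatterns: [
    { protocol: "https", hostname: "**.assets.example.org", pathname: "/public/**" },
  ],
};

// `**.x` matches any subdomain depth below x (not x itself); `*.x` exactly one label.
function matchHostname(host, pattern) {
  if (pattern === undefined) return true;
  if (pattern.startsWith("**.")) {
    const suffix = pattern.slice(2);                  // ".x"
    return host !== suffix.slice(1) && host.endsWith(suffix);
  }
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1);                  // ".x"
    if (!host.endsWith(suffix)) return false;
    const label = host.slice(0, -suffix.length);
    return label.length > 0 && !label.includes(".");
  }
  return host === pattern;
}

// `/a/**` matches anything below /a/; `/a/*` exactly one more segment.
// `url.pathname` is already normalised by the parser, so `/a/../b` cannot slip through.
function matchPathname(path, pattern) {
  if (pattern === undefined) return true;
  if (pattern.endsWith("/**")) {
    const prefix = pattern.slice(0, -2);              // "/a/"
    return path.startsWith(prefix) && path.length > prefix.length;
  }
  if (pattern.endsWith("/*")) {
    const prefix = pattern.slice(0, -1);              // "/a/"
    if (!path.startsWith(prefix)) return false;
    const rest = path.slice(prefix.length);
    return rest.length > 0 && !rest.includes("/");
  }
  return path === pattern;
}

function matchPattern(url, p) {
  return (p.protocol === undefined || p.protocol === url.protocol.slice(0, -1)) &&
    (p.port === undefined || p.port === url.port) &&
    matchHostname(url.hostname, p.hostname) && matchPathname(url.pathname, p.pathname);
}

// Literal addresses a render host should never fetch from, whatever the allowlist says.
// The URL parser has already turned `2130706433` / `0x7f000001` into `127.0.0.1` and
// IPv6 literals into bracketed compressed form. Hostnames that *resolve* to these
// ranges (DNS rebinding) are not caught here; that is what egress filtering is for.
function isInternalAddress(hostname) {
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  const v4 = h.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (v4) {
    const a = Number(v4[1]), b = Number(v4[2]);
    return a === 0 || a === 10 || a === 127 ||
      (a === 169 && b === 254) ||                     // link-local, incl. 169.254.169.254
      (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) ||
      (a === 100 && b >= 64 && b <= 127);             // shared address space (CGNAT)
  }
  if (h.includes(":")) {                              // IPv6 literal
    return h === "::1" || h === "::" || h.startsWith("fe80:") ||
      h.startsWith("fc") || h.startsWith("fd") || h.startsWith("::ffff:");
  }
  return false;
}

// Verdict for a remote `src`. Relative/local asset paths are not remote and should
// never reach this function.
function checkRemoteImageUrl(src, config = imageConfig) {
  let url;
  try { url = new URL(src); } catch { return { allowed: false, reason: "unparseable URL" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:")
    return { allowed: false, reason: `scheme ${url.protocol} not allowed` };
  if (url.username || url.password) return { allowed: false, reason: "credentials in URL" };
  if (isInternalAddress(url.hostname))
    return { allowed: false, reason: `internal address ${url.hostname}` };
  if ((config.domains ?? []).includes(url.hostname) ||
      (config.remotePatterns ?? []).some((p) => matchPattern(url, p)))
    return { allowed: true, reason: "matches allowlist" };
  return { allowed: false, reason: `host ${url.hostname} not in allowlist` };
}

// Constructed egress-proxy log lines from the render host (assumed format:
// timestamp method url status). Anything the allowlist would refuse gets flagged.
const sampleEgressLog = [
  "2026-03-01T10:00:01Z GET https://cdn.example.com/hero.jpg 200",
  "2026-03-01T10:00:02Z GET http://169.254.169.254/latest/meta-data/ 200",
  "2026-03-01T10:00:03Z GET https://img.assets.example.org/public/a.png 200",
  "2026-03-01T10:00:04Z GET http://10.0.3.7:8080/admin/health 200",
  "2026-03-01T10:00:05Z GET https://attacker.example.net/probe.png 404",
];

function flagEgressLog(lines, config = imageConfig) {
  const flagged = [];
  for (const line of lines) {
    const [ts, method, target] = line.trim().split(/\s+/);
    if (!target) continue;
    const verdict = checkRemoteImageUrl(target, config);
    if (!verdict.allowed) flagged.push({ ts, method, target, reason: verdict.reason });
  }
  return flagged;
}

console.log(flagEgressLog(sampleEgressLog));
```

Call `checkRemoteImageUrl` on any CMS- or user-supplied `src` before it is handed to `<Image>` or `getImage()` with `inferSize`, and refuse to render on a negative verdict. The address deny list stops literal targets such as the metadata endpoint, including the decimal and hex spellings the URL parser normalises, but not a hostname that resolves to an internal address; that case is covered only by egress filtering on the render host.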
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, Japan, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-24T02:32:39.800Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f9a40b7ef31ef0b7260e7
Added to database: 2/26/2026, 12:56:32 AM
Last enriched: 3/5/2026, 11:14:19 AM
Last updated: 4/11/2026, 10:48:09 PM