CVE-2026-31959: CWE-918: Server-Side Request Forgery (SSRF) in anchore quill
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS certificate validation; however, environments with TLS-intercepting proxies (common in corporate networks), compromised certificate authorities, or other trust boundary violations are at risk. When retrieving submission logs, Quill fetches a URL provided in the API response without validating that the scheme is https or that the host does not point to a local or multicast IP address. An attacker who can tamper with the response can supply an arbitrary URL, causing the Quill client to issue HTTP or HTTPS requests to attacker-controlled or internal network destinations. This could lead to exfiltration of sensitive data such as cloud provider credentials or internal service responses. Both the Quill CLI and library are affected when used to retrieve notarization submission logs. This vulnerability is fixed in 0.7.1.
AI Analysis
Technical Summary
Anchore's Quill, a tool for macOS binary signing and notarization, contains an SSRF vulnerability (CVE-2026-31959) in versions before 0.7.1. When Quill retrieves Apple notarization submission logs, it follows a URL taken from Apple's API response without checking that the scheme is https or that the host does not resolve to a local or multicast IP address. An attacker who can tamper with the notarization API response can therefore substitute an arbitrary URL, and the Quill client will issue an HTTP or HTTPS request to it. Under normal conditions Apple's API responses travel over HTTPS with proper certificate validation, so tampering is not possible from the network. The exposure is real only where the trust boundary is already broken: a TLS-intercepting proxy (common in corporate networks) that is itself compromised or malicious and rewrites responses, a compromised certificate authority, or a similar violation; a well-behaved interception proxy that merely re-encrypts traffic does not by itself enable the attack. When exploited, Quill makes the request from the client environment, which for a notarization step is typically a build or CI runner, so reachable targets include internal services and cloud metadata endpoints that hand out provider credentials; the response can then be exfiltrated. Both the Quill command-line interface and the library are affected when used to retrieve submission logs. Version 0.7.1 fixes the issue by validating the URL scheme and host before the request is made. The CVSS 3.1 base score is 5.3 (medium), reflecting the high attack complexity of obtaining response tampering combined with a high confidentiality impact and no integrity or availability impact. No exploitation in the wild was reported as of the publication date.
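The description above, and the technical summary that follows it, describe the defect as fetching a response-supplied URL without checking its scheme or destination. The Go code below is an added example written for this page; it is not Quill's code and does not reproduce Quill's fix. It models the vulnerable shape (fetch whatever URL the response carries) beside a hardened version that enforces https, rejects IP literals in local, link-local, private and multicast ranges, and repeats the check at dial time so a hostname that resolves or rebinds to such an address is refused as well. The response struct, its field name, and the private-range rejection (stricter than the "local or multicast" policy the advisory names) are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"syscall"
	"time"
)

// Constructed stand-in for a notarization status response that carries the
// submission log URL. The field name is an assumption of this example.
type submissionLogResponse struct {
	DeveloperLogURL string `json:"developerLogUrl"`
}

// Vulnerable shape: the URL from the (possibly tampered) response is fetched
// as-is, so "http://169.254.169.254/..." or "http://localhost:..." is followed.
func fetchLogUnsafe(resp submissionLogResponse) (*http.Response, error) {
	return http.Get(resp.DeveloperLogURL)
}

var errUnsafeLogURL = errors.New("refusing to fetch submission log: unsafe URL")

// isDisallowedIP rejects loopback, unspecified and multicast addresses (the
// destinations the advisory names) and, as a stricter policy chosen here, private
// and link-local ranges such as the 169.254.169.254 cloud metadata endpoint.
func isDisallowedIP(ip net.IP) bool {
	return ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() ||
		ip.IsInterfaceLocalMulticast() || ip.IsMulticast()
}

// validateLogURL performs the pre-request checks: https only, a non-empty host,
// and no IP literal in a disallowed range.
func validateLogURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", errUnsafeLogURL, err)
	}
	if u.Scheme != "https" {
		return nil, fmt.Errorf("%w: scheme %q is not https", errUnsafeLogURL, u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return nil, fmt.Errorf("%w: empty host", errUnsafeLogURL)
	}
	if ip := net.ParseIP(host); ip != nil && isDisallowedIP(ip) {
		return nil, fmt.Errorf("%w: host %s is a local, private or multicast address", errUnsafeLogURL, host)
	}
	return u, nil
}

// checkDialAddress runs at connect time, after DNS resolution, so a hostname
// that resolves (or rebinds between check and fetch) to a disallowed address is
// refused too. The dialer hands it an "ip:port" string.
func checkDialAddress(address string) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return fmt.Errorf("%w: %v", errUnsafeLogURL, err)
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return fmt.Errorf("%w: unresolved host %q at dial time", errUnsafeLogURL, host)
	}
	if isDisallowedIP(ip) {
		return fmt.Errorf("%w: destination resolved to %s", errUnsafeLogURL, ip)
	}
	return nil
}

// newSafeClient wires checkDialAddress into the dialer and refuses to follow
// redirects, so a 3xx from an allowed host cannot bounce the request elsewhere.
func newSafeClient() *http.Client {
	dialer := &net.Dialer{
		Timeout: 10 * time.Second,
		Control: func(network, address string, _ syscall.RawConn) error {
			return checkDialAddress(address)
		},
	}
	return &http.Client{
		Timeout:   30 * time.Second,
		Transport: &http.Transport{DialContext: dialer.DialContext},
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
}

// fetchLogSafe is the hardened counterpart of fetchLogUnsafe.
func fetchLogSafe(client *http.Client, resp submissionLogResponse) (*http.Response, error) {
	u, err := validateLogURL(resp.DeveloperLogURL)
	if err != nil {
		return nil, err
	}
	return client.Get(u.String())
}

func main() {
	// Constructed inputs: one legitimate-looking URL and several tampered ones.
	for _, raw := range []string{
		"https://example.com/logs/abc.json",
		"http://example.com/logs/abc.json",
		"https://169.254.169.254/latest/meta-data/",
		"https://127.0.0.1:8080/",
		"https://[::1]/",
		"https://224.0.0.1/",
	} {
		_, err := validateLogURL(raw)
		fmt.Printf("%-45s -> %v\n", raw, err)
	}
	_ = newSafeClient()
}
```

Checking only the URL string before the request leaves a window in which DNS can return a different address than the one examined, which is why the dial-time hook is the check that actually counts; the string check exists mainly to fail early and to reject non-https schemes, which the dialer never sees. Disabling redirects matters for the same reason: the advisory's fix concerns the URL in the response, but an allowed host that answers with a redirect to an internal address would otherwise be followed by the default client.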
Potential Impact
The risk is to confidentiality. If an attacker can alter Apple's notarization API responses, they can make Quill issue requests to attacker-controlled or internal systems from wherever Quill runs. Because notarization is normally a build or release step, that is usually a CI runner or developer workstation with network reach to internal services and to cloud metadata endpoints, so the realistic outcomes are leakage of cloud provider credentials, responses from internal services, and internal network reconnaissance, any of which can be a stepping stone to further compromise. Exploitation depends on a broken trust boundary between Quill and Apple (a hostile or compromised TLS-intercepting proxy, a compromised certificate authority, or similar), so under ordinary HTTPS conditions the attack surface is small; environments that already interpose on TLS, such as corporate networks with deep packet inspection, should treat that proxy as part of the attack surface. Integrity and availability are not directly affected.
Mitigation Recommendations
Upgrade Anchore Quill to version 0.7.1 or later, which validates the URL scheme and host before fetching submission logs; pin the version in CI so older builds do not reintroduce it. Treat any TLS-intercepting proxy on the path between notarization hosts and Apple as part of the trust boundary: minimize its use, exempt Apple's notarization endpoints from interception where policy allows, and make sure it cannot rewrite responses. Audit the certificate authorities trusted by build and notarization hosts and remove any that are not required. Apply egress filtering and network segmentation to build and notarization environments so they can reach only the destinations they need, and restrict their access to internal services and cloud metadata endpoints, which limits what a successful SSRF can read. Finally, monitor outbound connections from hosts running Quill and alert on requests to unexpected destinations, including plain-HTTP requests where only HTTPS to Apple is expected.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, China, India
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-10T15:40:10.481Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69b1c6312f860ef9436c35f0
Added to database: 3/11/2026, 7:44:49 PM
Last enriched: 3/11/2026, 8:00:30 PM
Last updated: 3/11/2026, 11:26:34 PM