CVE-2026-40072: CWE-918: Server-Side Request Forgery (SSRF) in ethereum web3.py
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The implementation uses these contract-supplied URLs directly (after {sender} / {data} template substitution) without any destination validation. CCIP Read is enabled by default (global_ccip_read_enabled = True on all providers), meaning any application using web3.py's .call() method is exposed without explicit opt-in. This results in Server-Side Request Forgery (SSRF) when web3.py is used in backend services, indexers, APIs, or any environment that performs eth_call / .call() against untrusted or user-supplied contract addresses. A malicious contract can force the web3.py process to issue HTTP requests to arbitrary destinations, including internal network services and cloud metadata endpoints. This vulnerability is fixed in 7.15.0 and 8.0.0b2.
AI Analysis
Technical Summary
web3.py versions >=6.0.0b3 and <7.15.0, and >=8.0.0b1 and <8.0.0b2 implement CCIP Read / OffchainLookup (EIP-3668) by making HTTP requests to URLs specified by smart contracts in offchain_lookup_payload["urls"] without validating these URLs. Since CCIP Read is enabled by default, any backend service using web3.py's .call() method with untrusted contract addresses is vulnerable to SSRF. A malicious contract can cause the web3.py process to send HTTP requests to arbitrary destinations, including internal networks and cloud metadata endpoints. This vulnerability is resolved in versions 7.15.0 and 8.0.0b2.
Potential Impact
An attacker controlling a malicious smart contract can exploit this vulnerability to cause backend services using vulnerable versions of web3.py to make arbitrary HTTP requests. This can lead to unauthorized access to internal network resources or cloud metadata services. However, the overall impact is rated low based on the CVSS 4.0 score of 1.7, reflecting limited attack complexity and impact scope.
Mitigation Recommendations
Upgrade web3.py to version 7.15.0 or later, or 8.0.0b2 or later, where this SSRF vulnerability is fixed. Until upgraded, avoid using .call() with untrusted or user-supplied contract addresses. Patch status is not explicitly stated as 'patchAvailable' but the fix is included in the specified versions, so upgrading is the recommended remediation.
CVE-2026-40072: CWE-918: Server-Side Request Forgery (SSRF) in ethereum web3.py
Description
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The implementation uses these contract-supplied URLs directly (after {sender} / {data} template substitution) without any destination validation. CCIP Read is enabled by default (global_ccip_read_enabled = True on all providers), meaning any application using web3.py's .call() method is exposed without explicit opt-in. This results in Server-Side Request Forgery (SSRF) when web3.py is used in backend services, indexers, APIs, or any environment that performs eth_call / .call() against untrusted or user-supplied contract addresses. A malicious contract can force the web3.py process to issue HTTP requests to arbitrary destinations, including internal network services and cloud metadata endpoints. This vulnerability is fixed in 7.15.0 and 8.0.0b2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
web3.py versions >=6.0.0b3 and <7.15.0, and >=8.0.0b1 and <8.0.0b2 implement CCIP Read / OffchainLookup (EIP-3668) by making HTTP requests to URLs specified by smart contracts in offchain_lookup_payload["urls"] without validating these URLs. Since CCIP Read is enabled by default, any backend service using web3.py's .call() method with untrusted contract addresses is vulnerable to SSRF. A malicious contract can cause the web3.py process to send HTTP requests to arbitrary destinations, including internal networks and cloud metadata endpoints. This vulnerability is resolved in versions 7.15.0 and 8.0.0b2.
Potential Impact
An attacker controlling a malicious smart contract can exploit this vulnerability to cause backend services using vulnerable versions of web3.py to make arbitrary HTTP requests. This can lead to unauthorized access to internal network resources or cloud metadata services. However, the overall impact is rated low based on the CVSS 4.0 score of 1.7, reflecting limited attack complexity and impact scope.
Mitigation Recommendations
Upgrade web3.py to version 7.15.0 or later, or 8.0.0b2 or later, where this SSRF vulnerability is fixed. Until upgraded, avoid using .call() with untrusted or user-supplied contract addresses. Patch status is not explicitly stated as 'patchAvailable' but the fix is included in the specified versions, so upgrading is the recommended remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-09T00:39:12.204Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d7e6ff1cc7ad14dafe8de8
Added to database: 4/9/2026, 5:50:55 PM
Last enriched: 4/9/2026, 6:06:17 PM
Last updated: 5/24/2026, 9:43:05 PM
Views: 125
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.