Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

GHSA-824w-x939-6cmc: TensorZero Gateway: Arbitrary file read and SSRF in internal object storage endpoint

0
High
Published: 07/15/2026 (07/15/2026, 21:59:40 UTC)
Source: GCVE Database
Product: tensorzero

Description

TensorZero Gateway versions prior to 2026.6.0 contain a vulnerability in the /internal/object_storage endpoint that allows arbitrary file read and server-side request forgery (SSRF). This occurs because the endpoint accepts a user-controlled JSON parameter that overrides object storage configuration, enabling attackers to read sensitive files or coerce outbound requests to internal or cloud metadata endpoints. The vulnerability requires access to the gateway and is mitigated by authentication if enabled. A patch is available in version 2026.6.0.

CVSS v3.1

Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected software

PyPIghsa
tensorzero
Affected versions
<2026.6.0

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/16/2026, 10:55:11 UTC

Technical Analysis

The TensorZero Gateway's /internal/object_storage endpoint accepts a JSON parameter 'storage_path' that overrides the [object_storage] configuration. By exploiting the 'filesystem' storage type, attackers can read arbitrary files on the gateway filesystem, potentially exposing sensitive credentials. By exploiting the 's3_compatible' storage type, attackers can force the gateway to make outbound requests to attacker-controlled internal or cloud metadata endpoints, resulting in SSRF. This vulnerability affects deployments accessible by untrusted callers and is mitigated if authentication is enabled. The issue is fixed in version 2026.6.0.

Potential Impact

An attacker with access to the vulnerable endpoint can read arbitrary files on the gateway filesystem, potentially exposing sensitive information such as credentials. Additionally, the attacker can induce the gateway to perform SSRF attacks by making it send requests to internal or cloud metadata endpoints. This can lead to information disclosure and potential further compromise of internal resources. The vulnerability does not impact integrity or availability directly but poses a high confidentiality risk.

Mitigation Recommendations

A patch fixing this vulnerability is available in TensorZero Gateway version 2026.6.0 and should be applied to affected deployments. If upgrading is not immediately possible, external access to the /internal/object_storage endpoint should be blocked to prevent exploitation. Deployments with authentication enabled limit exploitation to authenticated users only.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Osv Id
GHSA-824w-x939-6cmc
Osv Schema Version
1.4.0
Aliases
["CVE-2026-54457"]
Ecosystems
["PyPI"]
Database Specific Severity
HIGH
Cvss Version
3.1

Threat ID: 6a58b41268715ace43d68295

Added to database: 07/16/2026, 10:36:02 UTC

Last enriched: 07/16/2026, 10:55:11 UTC

Last updated: 07/16/2026, 10:55:11 UTC

Views: 2

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses