Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

GHSA-w79m-f3jx-779v: Koel: Authenticated Blind SSRF via Subsonic Podcast Channel Creation

0
Medium
Published: 07/15/2026 (07/15/2026, 17:07:16 UTC)
Source: GCVE Database
Product: phanan/koel

Description

Koel version prior to 9.7.0 contains an authenticated blind Server-Side Request Forgery (SSRF) vulnerability in its Subsonic-compatible podcast channel creation route. Unlike the main podcast subscription API, which uses SafeUrl validation to block private/internal URLs, the Subsonic route lacks this protection, allowing authenticated users to supply private URLs that Koel fetches server-side during podcast parsing. This enables SSRF to internal network destinations accessible from the Koel server. The vulnerability was confirmed in version 9.6.0 and allows internal HTTP requests to loopback, Docker bridge, and RFC1918 addresses. No public exploit is known, and the impact is limited to SSRF-based internal request execution without confirmed data exfiltration.

CVSS v3.1

Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected software

Packagistghsa
phanan/koel
Affected versions
<9.7.0

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/16/2026, 14:27:44 UTC

Technical Analysis

Koel v9.6.0 protects its regular podcast subscription API URLs with SafeUrl validation to prevent SSRF to private/internal addresses. However, the Subsonic-compatible createPodcastChannel.view route does not apply SafeUrl validation and only checks that the URL is a string and a valid URL format. This discrepancy allows an authenticated user to supply a private/internal URL that Koel fetches server-side immediately during podcast channel creation. The SSRF occurs as part of the podcast parser's addPodcast() function, which calls Poddle::fromUrl() on the attacker-controlled URL. This bypasses Koel's intended SSRF protections on podcast URLs. The vulnerability was validated using the official phanan/koel:9.6.0 Docker image. The main API rejects private URLs with a 422 error, but the Subsonic route accepts and processes them, causing Koel to make HTTP requests to internal services reachable from the server. The vulnerability is distinct from a prior SSRF fixed in versions <= 9.3.4. The suggested remediation is to apply SafeUrl validation to the Subsonic podcast URL input and add defense-in-depth checks in the podcast parser entry point.

Potential Impact

An authenticated attacker can cause Koel to make server-side HTTP requests to internal network destinations that are normally blocked by the main API. This includes loopback addresses, Docker bridge IPs, and RFC1918 private IP ranges reachable from the Koel server. The impact is SSRF-based internal service discovery and request execution. No confirmed data exfiltration or remote code execution has been demonstrated through this vulnerability. The SSRF can be used to probe internal services and potentially interact with them via HTTP requests initiated by Koel.

Mitigation Recommendations

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The vendor recommends applying the SafeUrl validation rule to the Subsonic createPodcastChannel.view route to block private/internal URLs, consistent with the main podcast API. Additionally, adding validation in the podcast parser entry point to reject unsafe URLs is advised as defense in depth. Until a patch is available, restrict access to trusted authenticated users and monitor for unusual internal HTTP requests originating from Koel.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Osv Id
GHSA-w79m-f3jx-779v
Osv Schema Version
1.4.0
Aliases
["CVE-2026-54492"]
Ecosystems
["Packagist"]
Database Specific Severity
MODERATE
Cvss Version
3.1

Threat ID: 6a58b51668715ace43db3b07

Added to database: 07/16/2026, 10:40:22 UTC

Last enriched: 07/16/2026, 14:27:44 UTC

Last updated: 07/16/2026, 14:27:44 UTC

Views: 3

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses