GHSA-w79m-f3jx-779v: Koel: Authenticated Blind SSRF via Subsonic Podcast Channel Creation
Koel version prior to 9.7.0 contains an authenticated blind Server-Side Request Forgery (SSRF) vulnerability in its Subsonic-compatible podcast channel creation route. Unlike the main podcast subscription API, which uses SafeUrl validation to block private/internal URLs, the Subsonic route lacks this protection, allowing authenticated users to supply private URLs that Koel fetches server-side during podcast parsing. This enables SSRF to internal network destinations accessible from the Koel server. The vulnerability was confirmed in version 9.6.0 and allows internal HTTP requests to loopback, Docker bridge, and RFC1918 addresses. No public exploit is known, and the impact is limited to SSRF-based internal request execution without confirmed data exfiltration.
AI Analysis
Technical Summary
Koel v9.6.0 protects its regular podcast subscription API URLs with SafeUrl validation to prevent SSRF to private/internal addresses. However, the Subsonic-compatible createPodcastChannel.view route does not apply SafeUrl validation and only checks that the URL is a string and a valid URL format. This discrepancy allows an authenticated user to supply a private/internal URL that Koel fetches server-side immediately during podcast channel creation. The SSRF occurs as part of the podcast parser's addPodcast() function, which calls Poddle::fromUrl() on the attacker-controlled URL. This bypasses Koel's intended SSRF protections on podcast URLs. The vulnerability was validated using the official phanan/koel:9.6.0 Docker image. The main API rejects private URLs with a 422 error, but the Subsonic route accepts and processes them, causing Koel to make HTTP requests to internal services reachable from the server. The vulnerability is distinct from a prior SSRF fixed in versions <= 9.3.4. The suggested remediation is to apply SafeUrl validation to the Subsonic podcast URL input and add defense-in-depth checks in the podcast parser entry point.
Potential Impact
An authenticated attacker can cause Koel to make server-side HTTP requests to internal network destinations that are normally blocked by the main API. This includes loopback addresses, Docker bridge IPs, and RFC1918 private IP ranges reachable from the Koel server. The impact is SSRF-based internal service discovery and request execution. No confirmed data exfiltration or remote code execution has been demonstrated through this vulnerability. The SSRF can be used to probe internal services and potentially interact with them via HTTP requests initiated by Koel.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The vendor recommends applying the SafeUrl validation rule to the Subsonic createPodcastChannel.view route to block private/internal URLs, consistent with the main podcast API. Additionally, adding validation in the podcast parser entry point to reject unsafe URLs is advised as defense in depth. Until a patch is available, restrict access to trusted authenticated users and monitor for unusual internal HTTP requests originating from Koel.
GHSA-w79m-f3jx-779v: Koel: Authenticated Blind SSRF via Subsonic Podcast Channel Creation
Description
Koel version prior to 9.7.0 contains an authenticated blind Server-Side Request Forgery (SSRF) vulnerability in its Subsonic-compatible podcast channel creation route. Unlike the main podcast subscription API, which uses SafeUrl validation to block private/internal URLs, the Subsonic route lacks this protection, allowing authenticated users to supply private URLs that Koel fetches server-side during podcast parsing. This enables SSRF to internal network destinations accessible from the Koel server. The vulnerability was confirmed in version 9.6.0 and allows internal HTTP requests to loopback, Docker bridge, and RFC1918 addresses. No public exploit is known, and the impact is limited to SSRF-based internal request execution without confirmed data exfiltration.
CVSS v3.1
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Koel v9.6.0 protects its regular podcast subscription API URLs with SafeUrl validation to prevent SSRF to private/internal addresses. However, the Subsonic-compatible createPodcastChannel.view route does not apply SafeUrl validation and only checks that the URL is a string and a valid URL format. This discrepancy allows an authenticated user to supply a private/internal URL that Koel fetches server-side immediately during podcast channel creation. The SSRF occurs as part of the podcast parser's addPodcast() function, which calls Poddle::fromUrl() on the attacker-controlled URL. This bypasses Koel's intended SSRF protections on podcast URLs. The vulnerability was validated using the official phanan/koel:9.6.0 Docker image. The main API rejects private URLs with a 422 error, but the Subsonic route accepts and processes them, causing Koel to make HTTP requests to internal services reachable from the server. The vulnerability is distinct from a prior SSRF fixed in versions <= 9.3.4. The suggested remediation is to apply SafeUrl validation to the Subsonic podcast URL input and add defense-in-depth checks in the podcast parser entry point.
Potential Impact
An authenticated attacker can cause Koel to make server-side HTTP requests to internal network destinations that are normally blocked by the main API. This includes loopback addresses, Docker bridge IPs, and RFC1918 private IP ranges reachable from the Koel server. The impact is SSRF-based internal service discovery and request execution. No confirmed data exfiltration or remote code execution has been demonstrated through this vulnerability. The SSRF can be used to probe internal services and potentially interact with them via HTTP requests initiated by Koel.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The vendor recommends applying the SafeUrl validation rule to the Subsonic createPodcastChannel.view route to block private/internal URLs, consistent with the main podcast API. Additionally, adding validation in the podcast parser entry point to reject unsafe URLs is advised as defense in depth. Until a patch is available, restrict access to trusted authenticated users and monitor for unusual internal HTTP requests originating from Koel.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-w79m-f3jx-779v
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-54492"]
- Ecosystems
- ["Packagist"]
- Database Specific Severity
- MODERATE
- Cvss Version
- 3.1
Threat ID: 6a58b51668715ace43db3b07
Added to database: 07/16/2026, 10:40:22 UTC
Last enriched: 07/16/2026, 14:27:44 UTC
Last updated: 07/16/2026, 14:27:44 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.