
Byte Open Security

(ByteOS Network)

CVE Vulnerability Details :
CVE-2026-42175
PUBLISHED
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-12 May, 2026 | 17:52
Updated At-13 May, 2026 | 15:37
▼CVE Numbering Authority (CNA)
requests-hardened: Server-Side Request Forgery (SSRF) in requests-hardened RFC 6598

requests-hardened is a library that overrides the default behaviors of the requests library and adds new security features. Prior to 1.2.1, the SSRF protection in requests-hardened fails to block IP addresses within the RFC 6598 Shared Address Space (100.64.0.0/10). An attacker who can supply arbitrary URLs to requests-hardened could exploit this gap to access internal services hosted within 100.64.0.0/10. This is relevant, for example, in environments such as AWS EKS, where 100.64.0.0/10 is commonly used as the default pod CIDR. The impact is environment-dependent: deployments that use the affected CIDR range for internal networking are exposed to SSRF bypass, while others may not be affected. This vulnerability is fixed in 1.2.1.
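The following is an added example, not code from requests-hardened or from the advisory: it shows how a destination check built only on the Python standard library's is_private flag lets 100.64.0.0/10 through, next to an allowlist-style check that rejects it. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

# RFC 6598 Shared Address Space, the range named in this advisory.
SHARED_ADDRESS_SPACE = ipaddress.ip_network("100.64.0.0/10")


def naive_is_internal(ip: str) -> bool:
    """Hypothetical check built only on the stdlib convenience flags."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback or addr.is_link_local


def is_public_destination(ip: str) -> bool:
    """Allow only globally routable unicast addresses (allowlist logic)."""
    addr = ipaddress.ip_address(ip.split("%", 1)[0])  # drop IPv6 zone id
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 rules apply.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if addr.version == 4 and addr in SHARED_ADDRESS_SPACE:
        return False  # explicit, so the rule does not depend on is_global
    return addr.is_global and not addr.is_multicast


def host_is_allowed(host: str) -> bool:
    """Resolve host and require every returned address to be public."""
    try:
        infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return False
    return bool(infos) and all(is_public_destination(i[4][0]) for i in infos)


# Constructed sample destinations, not taken from the advisory.
SAMPLES = ["100.64.0.1", "100.127.255.254", "10.0.0.5", "8.8.8.8",
           "::ffff:100.64.0.1"]

if __name__ == "__main__":
    for ip in SAMPLES:
        print(ip, "naive_internal=%s" % naive_is_internal(ip),
              "public=%s" % is_public_destination(ip))
```

A check like this only holds if it is applied to the address the connection is actually made to, not just to a separate DNS lookup done beforehand.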

Affected Products
Vendor: saleor
Product: requests-hardened
Versions (affected): < 1.2.1
Problem Types
Type: CWE
CWE ID: CWE-918
Description: CWE-918: Server-Side Request Forgery (SSRF)
Metrics
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
References
Hyperlink: https://github.com/saleor/requests-hardened/security/advisories/GHSA-vh75-fwv3-pqrh
Resource: x_refsource_CONFIRM
Hyperlink: https://github.com/saleor/requests-hardened/commit/a266b3958bb142bca515b3c230fdea19fbda327c
Resource: x_refsource_MISC
Hyperlink: https://github.com/saleor/requests-hardened/commit/b7403f88d3b3689e57435b75b51691a160aaeef5
Resource: x_refsource_MISC
Hyperlink: https://github.com/saleor/requests-hardened/releases/tag/v1.2.1
Resource: x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment