PT-2026-60377 · Pypi · Tensorzero
Publicado
2026-07-15
·
Atualizado
2026-07-15
·
CVE-2026-54457
CVSS v3.1
7.7
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Impact
The
/internal/object storage endpoint accepts a caller-supplied JSON storage path parameter that dynamically overrides the TensorZero [object storage] configuration.By abusing the
filesystem storage type, a caller can read arbitrary files from the gateway filesystem, including files that may contain sensitive credentials. Similarly, by abusing the s3 compatible storage type, the caller can coerce the gateway into making outbound object storage requests to attacker-chosen internal/cloud-metadata endpoints.This vulnerability only applies when the gateway can be accessed by untrusted callers. If a developer's TensorZero deployment has authentication enabled, only authenticated callers can exploit this vulnerability. If a developer's deployment has authentication disabled, any caller can exploit this vulnerability.
Remediation
The vulnerability has been patched in version
2026.6.0. See PR #7527.Workarounds
If developers are unable to upgrade a gateway that is exposed to untrusted callers, please block external access to the
/internal/object storage endpoint.Correção
SSRF
Files Accessible to External Parties
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Tensorzero