PT-2026-30984 · Unknown · Openobserve

Morimori-Dev · Published 2026-04-07 · Updated 2026-04-07 · CVE-2026-39361

CVSS v3.1: 7.7 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenObserve versions prior to 0.70.4

Description

OpenObserve, a cloud-native observability platform, has an issue where the `validate_enrichment_url` function in `src/handler/http/request/enrichment_table/mod.rs` does not properly block IPv6 addresses. The Rust `url` crate returns IPv6 addresses with surrounding brackets (e.g., '[::1]' instead of '::1'). This allows an authenticated attacker to access internal services that are blocked from external access. In cloud deployments, this can lead to the retrieval of IAM credentials via AWS IMDSv1 (169.254.169.254), GCP metadata, or Azure IMDS. In self-hosted deployments, it allows probing of internal network services.

Recommendations

Update to version 0.70.4 or later.
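
The bracket behaviour described above, as an added example that is not OpenObserve's code: a string-comparison blocklist misses the bracketed host form, while a check that strips the brackets and classifies the parsed address catches it. The function names and the naive blocklist are hypothetical, the host strings are constructed in the form `Url::host_str()` returns, and the example goes beyond the advisory by also covering IPv4-mapped, unique-local and link-local IPv6 ranges.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Naive check (constructed for illustration): compares the host string
/// against literals, so the bracketed form "[::1]" slips through.
fn naive_is_blocked(host: &str) -> bool {
    matches!(host, "localhost" | "127.0.0.1" | "::1" | "169.254.169.254")
}

fn v4_is_internal(ip: Ipv4Addr) -> bool {
    ip.is_loopback() || ip.is_private() || ip.is_link_local() || ip.is_unspecified()
}

fn v6_is_internal(ip: Ipv6Addr) -> bool {
    // IPv4-mapped (::ffff:a.b.c.d) is judged by its embedded IPv4 address.
    if let Some(v4) = ip.to_ipv4_mapped() {
        return v4_is_internal(v4);
    }
    let first = ip.segments()[0];
    ip.is_loopback()
        || ip.is_unspecified()
        || (first & 0xfe00) == 0xfc00 // fc00::/7 unique local
        || (first & 0xffc0) == 0xfe80 // fe80::/10 link-local
}

/// Hardened check: strip brackets, parse to IpAddr, classify by range.
fn hardened_is_blocked(host: &str) -> bool {
    let bare = host
        .strip_prefix('[')
        .and_then(|h| h.strip_suffix(']'))
        .unwrap_or(host);
    match bare.parse::<IpAddr>() {
        Ok(IpAddr::V4(ip)) => v4_is_internal(ip),
        Ok(IpAddr::V6(ip)) => v6_is_internal(ip),
        // Not an IP literal. Only the literal name is checked here; resolving
        // the name and checking each returned address is out of scope.
        Err(_) => bare.eq_ignore_ascii_case("localhost"),
    }
}

fn main() {
    // Constructed sample hosts, in the bracketed form the url crate returns.
    for host in ["[::1]", "[::ffff:a9fe:a9fe]", "[fd00::1]", "169.254.169.254", "example.com"] {
        println!("{host:<22} naive={} hardened={}", naive_is_blocked(host), hardened_is_blocked(host));
    }
}
```
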

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2026-39361

Affected Products

Openobserve