PT-2026-37248 · Npm · Inngest
Published
2026-05-05
·
Updated
2026-05-05
·
CVE-2026-42047
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Summary
A vulnerability in the Inngest TypeScript SDK versions
3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve() HTTP handler.The
serve() handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS, or DELETE fall through to a generic handler that returns diagnostic information. A change introduced in v3.22.0 caused this diagnostic response to include the contents of process.env, exposing any secrets, API keys, or credentials present in the environment.Who is affected
An application is vulnerable if all of the following are true:
- It uses
inngestSDK version>= 3.22.0, <= 3.53.1(inclusive) - Its
serve()endpoint is reachable viaPATCH,OPTIONS, orDELETErequests.
Please check your framework's implementation for the serve handler (documentation) to asses whether it handles these HTTP methods. Common vulnerable configurations include:
- Next.js Pages Router, which forwards all HTTP methods to the handler.
- Express via
app.use('/api/inngest', serve(...)), which routesPATCHandOPTIONSto the handler by default.
The following are not affected:
- Next.js App Router handlers that explicitly export only
GET,POST, andPUT. - Applications using the
connectworker method. - SDK versions
< 3.22.0and>= 3.54.0, including all4.xreleases.
The vulnerability was responsibly disclosed by an Inngest user. At this time, there are no known reports of exploitation.
Remediation
- Upgrade to
inngest@3.54.0or later. The fix is backwards compatible with the3.xrelease line. The4.xline is also unaffected. - Rotate any secrets that were presence in environment variables (
process.env) within affected environments including Inngest signing keys and event keys - Search logs for any requests to your
serveendpoints using thePATCH,OPTIONS,DELETEhttp methods to assess if any environment variables may have been exposed.
Additional recommendations
Users on platforms with long-lived deployments (e.g. Vercel, Cloudflare Workers) should be aware that prior deployments remain reachable at their immutable URLs and may continue to expose the vulnerability even after a new deployment is promoted. For example, Vercel offers security features such as "Deployment Protection" and the ability to delete older deployments which can help immediately mitigate impact.
For additional security, users can also adjust firewall or proxy rules to only allow requests to their
serve endpoint from Inngest IP addresses available here: http://inngest.com/ips-v4, http://inngest.com/ips-v6Workarounds
If upgrading is not immediately possible, restrict the
serve() endpoint at the framework or reverse-proxy layer to accept only GET, POST, and PUT. The Inngest serve() endpoint does not require any other HTTP methods.Resources
- Rotating Inngest keys: https://www.inngest.com/docs/platform/manage/rotating-keys
- Inngest signing keys: https://www.inngest.com/docs/platform/signing-keys
- Inngest event keys: https://www.inngest.com/docs/events/creating-an-event-key
- Inngest security best practices: https://www.inngest.com/docs/learn/security
Credits
- Ben Hylak - an independent security researcher, discovered and responsibly disclosed the vulnerability.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Inngest