CVE-2026-33752: curl_cffi SSRF Unsafe Redirects
greprules fetch cve-2026-33752-curl-cffi-ssrf-unsafe-redirects --engine opengrep
Description
curl_cffi follows HTTP redirects indiscriminately by default. An attacker can exploit this by having an external server redirect requests to sensitive internal or private IP ranges (SSRF). Set `allow_redirects="safe"` or `allow_redirects=CurlFollow.SAFE` to reject internal redirects, or disable redirects entirely via `allow_redirects=False`. Upgrade
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
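A minimal static check for the pattern in the description, written with Python's `ast` module. It is an added example, not the greprules rule or curl_cffi's own code. It assumes requests go through module-level helpers (for example `requests.get(...)` after `from curl_cffi import requests`) and does not track `Session` objects; the sample source is constructed.

```python
import ast

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}

def _root_name(node):
    """Leftmost name of a dotted expression such as a.b.c, or None."""
    while isinstance(node, ast.Attribute):
        node = node.value
    return node.id if isinstance(node, ast.Name) else None

def _redirects_restricted(call):
    """True if the call passes allow_redirects=False, "safe" or CurlFollow.SAFE."""
    for kw in call.keywords:
        if kw.arg == "allow_redirects":
            if isinstance(kw.value, ast.Constant):
                return kw.value.value is False or kw.value.value == "safe"
            # Any other expression (e.g. a variable) cannot be proven safe.
            return isinstance(kw.value, ast.Attribute) and kw.value.attr == "SAFE"
    return False  # keyword absent: the library default applies

def find_unsafe_redirect_calls(source):
    """Return sorted (line, call text) for curl_cffi calls with unrestricted redirects."""
    tree, roots = ast.parse(source), set()
    for node in ast.walk(tree):  # assumption: only module-level imports bind curl_cffi
        if isinstance(node, ast.Import):
            roots |= {(a.asname or a.name).split(".")[0] for a in node.names
                      if a.name.split(".")[0] == "curl_cffi"}
        elif isinstance(node, ast.ImportFrom) and (node.module or "").split(".")[0] == "curl_cffi":
            roots |= {a.asname or a.name for a in node.names}
    findings = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in HTTP_METHODS and _root_name(node.func) in roots
                and not _redirects_restricted(node)):
            findings.append((node.lineno, ast.unparse(node)))
    return sorted(findings)

# Constructed sample source; it is only parsed, never executed.
SAMPLE = '''from curl_cffi import requests
import curl_cffi
requests.get(url)
requests.get(url, allow_redirects=True)
requests.post(url, allow_redirects="safe")
requests.get(url, allow_redirects=CurlFollow.SAFE)
curl_cffi.get(url, allow_redirects=False)
'''

if __name__ == "__main__":
    print(find_unsafe_redirect_calls(SAMPLE))
```

A value that is not a literal, such as `allow_redirects=mode`, is reported because the check cannot prove it resolves to a safe setting.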