CVE-2026-44520: Python Requests SSRF Redirect
greprules fetch cve-2026-44520-python-requests-ssrf-redirect --engine opengrep
Description
HTTP requests made to user-supplied URLs with automatic redirection enabled are vulnerable to Server-Side Request Forgery (SSRF). An attacker can supply an external URL that redirects to a sensitive internal or loopback IP address (like 169.254.169.254), bypassing preliminary URL validation. Disable automatic redirects by explicitly passing `allow_redirects=
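The pattern described above, as an added example that is not part of this rule or of the Requests project: redirects are switched off and followed by hand so that every hop gets the same destination check as the first URL. `check_url`, `fetch`, `resolve`, `MAX_HOPS`, `FakeSession` and the `DNS`/`ROUTES` tables are hypothetical names and constructed data so the block runs offline.

```python
import ipaddress
import socket
from types import SimpleNamespace
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5  # assumed redirect limit for this example


class BlockedDestination(Exception):
    """A URL, or one of its redirect hops, points at a non-public address."""


def resolve(host):
    # Every address the name maps to (zone ids such as %eth0 stripped).
    return {i[4][0].split("%")[0] for i in socket.getaddrinfo(host, None)}


def check_url(url, resolver=resolve):
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedDestination(url)
    for addr in resolver(parts.hostname):
        # is_global is False for loopback, RFC 1918 and link-local
        # ranges, which covers 169.254.169.254.
        if not ipaddress.ip_address(addr).is_global:
            raise BlockedDestination(f"{url} resolves to {addr}")


def fetch(url, session, resolver=resolve):
    """Follow redirects by hand, validating each hop before requesting it."""
    for _ in range(MAX_HOPS + 1):
        check_url(url, resolver)
        resp = session.get(url, allow_redirects=False, timeout=5)
        if not resp.is_redirect:
            return resp
        url = urljoin(url, resp.headers["Location"])
    raise BlockedDestination("too many redirects")


# Constructed stand-ins so the example runs offline (not real hosts).
DNS = {"files.example": {"93.184.216.34"}, "169.254.169.254": {"169.254.169.254"}}
ROUTES = {"http://files.example/a": (302, "http://169.254.169.254/"),
          "http://files.example/b": (200, None)}


class FakeSession:
    def get(self, url, allow_redirects=False, timeout=None):
        status, loc = ROUTES[url]
        return SimpleNamespace(status_code=status, is_redirect=loc is not None,
                               headers={"Location": loc} if loc else {})
```

With the real library, pass a `requests.Session()` as `session` and leave `resolver` at its default. The check and the connection resolve the hostname separately, so this does not by itself cover DNS answers that change between the two.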