Is this vulnerability remotely exploitable over the internet?

Yes, if the TerriaJS-Server proxy endpoint is reachable from the internet or other untrusted networks, an attacker can remotely attempt to abuse the proxy to access unintended domains.

Does an attacker need special privileges or authentication to exploit this?

In many configurations, exploitation requires no more access than a normal user has to the application's proxy feature. If the proxy is exposed without strong authentication or additional controls, an unauthenticated attacker may be able to exploit it.

What is the safest general fix pattern for this issue?

The safest pattern is to implement strict, canonical URL parsing and enforce a robust allowlist where the final resolved host and port are compared against explicit, minimal `proxyableDomains`. Additionally, limit protocols, block localhost and internal address ranges where not needed, and avoid relying on fragile string-based domain checks.

Severity:

HIGH RISK

(7.5)

Improper Input Validation & SSRF (CWE-20, CWE-918) in TerriaJS-Server Proxy Configuration

CVE-2026-27818

Published:

Feb 25, 2026

Status:

Analyzed

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

NDV

Recent Vulnerabilities

CWE-78

CRITICAL RISK

CRITICAL

(9.9)

Command Injection in MCP Stdio Configuration Validation (CWE-78) in WeKnora

Remote Code Execution

March 7, 2026

CWE-89

CRITICAL RISK

CRITICAL

(9.9)

SQL Injection via PostgreSQL Array/Row Expressions (CWE-89) in WeKnora Query Engine

Remote Code Execution via SQL Injection on the Database Server

March 7, 2026

Vulnerability Type

Category:

Server-Side Request Forgery (SSRF)

CWE:

CWE-20;CWE-918

Impact:

Network pivot via SSRF and unauthorized access to internal HTTP(S) resources

Severity:

HIGH RISK

(7.5)

CVSS Version:

3.1

Vulnerability Type

Category:

Server-Side Request Forgery (SSRF)

CWE:

CWE-20;CWE-918

Impact:

Network pivot via SSRF and unauthorized access to internal HTTP(S) resources

Severity:

HIGH RISK

(7.5)

CVSS Version:

3.1

Catch This CVE While Code Is Being Written

Detect vulnerable code directly in pull requests, so CVEs are fixed before merge.

Get Started

Ship clean & secure code faster

START 14 DAYS FREE TRIAL

BOOK A DEMO

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Improper Input Validation & SSRF (CWE-20, CWE-918) in TerriaJS-Server Proxy Configuration

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

Recent Vulnerabilities

CRITICAL RISK

CRITICAL

(9.9)

Command Injection in MCP Stdio Configuration Validation (CWE-78) in WeKnora

CRITICAL RISK

CRITICAL

(9.9)

SQL Injection via PostgreSQL Array/Row Expressions (CWE-89) in WeKnora Query Engine

Vulnerability Type

Vulnerability Type

Vulnerability Type

Catch This CVE While Code Is Being Written

Ship clean & secure code faster

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare