CVE-2026-45806 in Penpot
Summary
by MITRE • 07/15/2026
Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot's remote image import passed the user-controlled url from frontend/src/app/main/data/workspace/media.cljs into the backend RPC method :create-file-media-object-from-url in backend/src/app/rpc/commands/media.clj, where media/download-image in backend/src/app/media.clj used the shared HTTP client without destination filtering, allowing an authenticated file editor to reach internal-only endpoints. This issue is fixed in version 2.15.0.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 07/15/2026
The vulnerability described represents a critical server-side request forgery (ssrf) flaw in Penpot's remote image import functionality that existed prior to version 2.15.0. This issue stems from insufficient input validation and destination filtering within the application's media handling pipeline, creating a pathway for authenticated users to potentially access internal network resources through the remote import mechanism. The vulnerability occurs when the frontend component at frontend/src/app/main/data/workspace/media.cljs passes user-controllable URL parameters directly to the backend RPC method :create-file-media-object-from-url in backend/src/app/rpc/commands/media.clj without proper sanitization or validation.
The technical implementation of this flaw involves the media/download-image function located in backend/src/app/media.clj which utilizes a shared HTTP client for downloading remote images. This shared client lacks proper destination filtering mechanisms that would normally prevent requests to internal network endpoints such as loopback addresses, private IP ranges, or other restricted internal services. The absence of such filtering allows an authenticated file editor to craft malicious URLs that could potentially reach internal-only endpoints within the server's network environment, effectively bypassing normal network security controls.
From an operational impact perspective, this vulnerability creates a significant risk for organizations using Penpot as their design collaboration platform. An attacker with valid user credentials and access to the file editing functionality can leverage this flaw to perform reconnaissance of internal network services, potentially discovering sensitive endpoints, databases, or other internal systems that should not be directly accessible from the application's external interface. The attack surface expands beyond simple image retrieval to include potential information disclosure, service enumeration, and possible further exploitation of internal services that may be running on the same network infrastructure.
The vulnerability aligns with CWE-918, Server-Side Request Forgery (SSRF), which describes a flaw where an attacker can manipulate server-side requests to access internal resources that would normally be protected by network security controls. Additionally, this issue maps to ATT&CK technique T1046 Network Service Scanning, as it enables attackers to discover and enumerate internal network services accessible from the vulnerable application server. The authentication requirement for exploitation means that the threat actor must first gain valid user credentials, but once obtained, the vulnerability provides a powerful lateral movement capability within the network environment.
Organizations should immediately upgrade to Penpot version 2.15.0 or later to address this vulnerability, as it represents a critical security risk in collaborative design environments where internal network access may be restricted for security reasons. The fix implemented in version 2.15.0 likely includes destination filtering mechanisms that prevent the shared HTTP client from accessing internal-only endpoints while maintaining legitimate external image import functionality. Security teams should also implement network-level monitoring to detect unusual outbound requests from Penpot servers and consider implementing additional access controls around file editing capabilities for users who do not require such privileges in their collaborative workflow.