| Field | Value |
|---|---|
| Title | PrefectHQ Prefect >=3.6.26 Time-of-check Time-of-use |
| Source | https://gist.github.com/nedlir/fa99777e8989414585d08c3625bf044a |
| User | nedlir (UID 95981) |
| Submission | 17/04/2026 22:20 (2 months ago) |
| Moderation | 03/05/2026 11:18 (16 days later) |
| Status | Accepted |
| VulDB Entry | 360900 [PrefectHQ prefect up to 3.6.28.dev1 Webhook/Notification validate_restricted_url race condition] |
| Points | 20 |

Description:

Vulnerability Report: Prefect SSRF Bypass via DNS Rebinding
Title: Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url
Product: Prefect (PrefectHQ/prefect)
Affected Versions: All 3.x releases up to and including 3.6.26
CWE: CWE-367 (TOCTOU), CWE-918 (SSRF), CWE-350 (Reliance on Untrusted Inputs)
CVSS 3.1: 7.5 (High) - AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Description:
The validate_restricted_url utility in Prefect Server, which serves as an SSRF guard for Webhooks and Notification blocks, is vulnerable to a DNS rebinding Time-of-Check to Time-of-Use (TOCTOU) flaw. The utility performs an initial DNS lookup to validate that an IP is not private, but the subsequent HTTP request re-resolves the hostname. An attacker controlling a malicious DNS server can provide a public IP during the validation phase and a private/loopback IP (e.g., 127.0.0.1 or x.x.x.x) during the connection phase, effectively bypassing the SSRF protection.

Impact:
This bypass allows authenticated users or actors with the ability to configure webhook URLs to coerce the Prefect Server into making arbitrary internal HTTP requests. Attackers can target cloud metadata services, loopback administration APIs, or internal Kubernetes services that are otherwise unreachable from the public internet.

Proof of Concept:
1. Start an internal HTTP server on 127.0.0.1:9999.
2. Configure a DNS rebinding service where the first query for a hostname returns a public IP and the second returns 127.0.0.1.
3. Pass the malicious URL to validate_restricted_url; it returns successfully.
4. Execute an outbound request to the same URL using httpx; the request successfully hits the local server and retrieves sensitive data.

Fix:
The vulnerability is addressed by moving validation into the transport layer. The fix ensures that all resolved IP addresses are validated (preventing multi-record bypasses) and that the connection is made to the specific validated IP literal, preventing a second DNS resolution.
The fix was implemented here: https://github.com/PrefectHQ/prefect/commit/f2bad07afafe89a42e86ad5f6756237e102c7f59
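The report's Description and Fix sections describe two patterns: a guard that resolves the hostname once to check it and then lets the HTTP client resolve it again (the TOCTOU window), and a guard that checks every resolved record and connects to the validated IP literal. The following is an added example written for this page; it is not Prefect's `validate_restricted_url` or the upstream fix. DNS lookups are injected through a resolver callable so it runs offline; `ScriptedResolver`, the hostname `rebind.example` and the address `1.2.3.4` (standing in for a public IP) are constructed for the demonstration.

```python
# Added example, not Prefect's code: a TOCTOU-prone SSRF guard next to a guard
# that pins the connection to the validated IP. DNS lookups are injected so the
# example runs offline; ScriptedResolver stands in for an attacker-run DNS server.
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, List, Sequence
from urllib.parse import urlsplit, urlunsplit

Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Every address the OS resolver returns for host (A and AAAA records)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_restricted_ip(ip: str) -> bool:
    """True for loopback, private, link-local, multicast, reserved or unspecified
    addresses; an IPv4-mapped IPv6 address (::ffff:a.b.c.d) is unwrapped first."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_then_connect_by_name(url: str, resolver: Resolver = system_resolver) -> str:
    """Vulnerable pattern: check one DNS answer, then resolve again to connect.
    Returns the address the second lookup would actually connect to."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("URL has no host")
    checked = resolver(host)[0]          # time of check
    if is_restricted_ip(checked):
        raise ValueError(f"{host} resolves to restricted address {checked}")
    return resolver(host)[0]             # time of use: a fresh, unchecked lookup


@dataclass(frozen=True)
class PinnedTarget:
    """URL rewritten to the validated IP literal, plus the Host header to send."""
    url: str
    host_header: str


def validate_and_pin(url: str, resolver: Resolver = system_resolver) -> PinnedTarget:
    """Hardened pattern: resolve once, reject if ANY record is restricted, and
    return a target that connects to the validated literal (no second lookup)."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or host is None:
        raise ValueError("only http(s) URLs with a host are allowed")
    try:
        ips = [str(ipaddress.ip_address(host))]   # host is already an IP literal
    except ValueError:
        ips = resolver(host)
    if not ips:
        raise ValueError(f"{host} did not resolve")
    for ip in ips:                                # multi-record bypass: check them all
        if is_restricted_ip(ip):
            raise ValueError(f"{host} resolves to restricted address {ip}")
    chosen = ips[0]
    literal = f"[{chosen}]" if ":" in chosen else chosen
    port = f":{parts.port}" if parts.port is not None else ""
    pinned_url = urlunsplit((parts.scheme, literal + port, parts.path, parts.query, ""))
    return PinnedTarget(url=pinned_url, host_header=host + port)


class ScriptedResolver:
    """Constructed stand-in for an attacker-controlled DNS server: returns the
    scripted answer sets in order and repeats the last one."""

    def __init__(self, answers: Sequence[Sequence[str]]) -> None:
        self.answers = [list(a) for a in answers]
        self.calls = 0

    def __call__(self, host: str) -> List[str]:
        answer = self.answers[min(self.calls, len(self.answers) - 1)]
        self.calls += 1
        return list(answer)


def demo() -> dict:
    """Rebinding scenario from the report: public answer at check time, loopback
    at use time. 1.2.3.4 is a constructed stand-in for a public address."""
    rebinding = [["1.2.3.4"], ["127.0.0.1"]]
    leaked = validate_then_connect_by_name("http://rebind.example/", ScriptedResolver(rebinding))
    pinned = validate_and_pin("http://rebind.example/", ScriptedResolver(rebinding))
    return {"naive_connects_to": leaked, "pinned_url": pinned.url, "host_header": pinned.host_header}


if __name__ == "__main__":
    print(demo())
```

For plain HTTP the pinned target can be used directly, e.g. `httpx.get(target.url, headers={"Host": target.host_header})`. For HTTPS that is not enough: certificate verification and SNI need the original hostname while the TCP connection needs the validated IP, which is why the report's fix moves the check into the transport layer rather than rewriting the URL.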