{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33768", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T18:30:14.127Z", "datePublished": "2026-03-24T18:40:12.549Z", "dateUpdated": "2026-03-24T18:53:24.069Z"}, "containers": {"cna": {"title": "Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`", "problemTypes": [{"descriptions": [{"cweId": "CWE-441", "lang": "en", "description": "CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/withastro/astro/security/advisories/GHSA-mr6q-rp88-fx84", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/withastro/astro/security/advisories/GHSA-mr6q-rp88-fx84"}, {"name": "https://github.com/withastro/astro/pull/15959", "tags": ["x_refsource_MISC"], "url": "https://github.com/withastro/astro/pull/15959"}, {"name": "https://github.com/withastro/astro/commit/335a204161f5a7293c128db570901d4f8639c6ed", "tags": ["x_refsource_MISC"], "url": "https://github.com/withastro/astro/commit/335a204161f5a7293c128db570901d4f8639c6ed"}, {"name": "https://github.com/withastro/astro/releases/tag/%40astrojs%2Fvercel%4010.0.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/withastro/astro/releases/tag/%40astrojs%2Fvercel%4010.0.2"}], "affected": [{"vendor": "withastro", "product": "astro", "versions": [{"version": "< 10.0.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T18:40:12.549Z"}, "descriptions": [{"lang": "en", "value": "Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and x_astro_path query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel's platform-level path restrictions entirely. The override preserves the original HTTP method and body, so this isn't limited to GET. POST, PUT, DELETE all land on the rewritten path. A Firewall rule blocking /admin/* does nothing when the request comes in as POST /api/health?x_astro_path=/admin/delete-user. This issue has been patched in version 10.0.2."}], "source": {"advisory": "GHSA-mr6q-rp88-fx84", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T18:53:09.129100Z", "id": "CVE-2026-33768", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:53:24.069Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33768", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T18:53:09.129100Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:53:20.363Z"}}], "cna": {"title": "Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`", "source": {"advisory": "GHSA-mr6q-rp88-fx84", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "withastro", "product": "astro", "versions": [{"status": "affected", "version": "< 10.0.2"}]}], "references": [{"url": "https://github.com/withastro/astro/security/advisories/GHSA-mr6q-rp88-fx84", "name": "https://github.com/withastro/astro/security/advisories/GHSA-mr6q-rp88-fx84", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/withastro/astro/pull/15959", "name": "https://github.com/withastro/astro/pull/15959", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/withastro/astro/commit/335a204161f5a7293c128db570901d4f8639c6ed", "name": "https://github.com/withastro/astro/commit/335a204161f5a7293c128db570901d4f8639c6ed", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/withastro/astro/releases/tag/%40astrojs%2Fvercel%4010.0.2", "name": "https://github.com/withastro/astro/releases/tag/%40astrojs%2Fvercel%4010.0.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and x_astro_path query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel's platform-level path restrictions entirely. The override preserves the original HTTP method and body, so this isn't limited to GET. POST, PUT, DELETE all land on the rewritten path. A Firewall rule blocking /admin/* does nothing when the request comes in as POST /api/health?x_astro_path=/admin/delete-user. This issue has been patched in version 10.0.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-441", "description": "CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T18:40:12.549Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33768", "state": "PUBLISHED", "dateUpdated": "2026-03-24T18:53:24.069Z", "dateReserved": "2026-03-23T18:30:14.127Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-24T18:40:12.549Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:astro:\\@astrojs\\/vercel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E77DAFA1-7306-47B7-9524-EBF8F8EE4CDA", "versionEndExcluding": "10.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and x_astro_path query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel's platform-level path restrictions entirely. The override preserves the original HTTP method and body, so this isn't limited to GET. POST, PUT, DELETE all land on the rewritten path. A Firewall rule blocking /admin/* does nothing when the request comes in as POST /api/health?x_astro_path=/admin/delete-user. This issue has been patched in version 10.0.2."}, {"lang": "es", "value": "Astro es un web framework. Antes de la versi\u00f3n 10.0.2, el punto de entrada sin servidor @astrojs/vercel lee la cabecera x-astro-path y el par\u00e1metro de consulta x_astro_path para reescribir la ruta de solicitud interna, sin autenticaci\u00f3n alguna. En despliegues sin Edge Middleware, esto permite a cualquiera eludir por completo las restricciones de ruta a nivel de plataforma de Vercel. La anulaci\u00f3n preserva el m\u00e9todo HTTP y el cuerpo originales, por lo que esto no se limita a GET. POST, PUT, DELETE todos aterrizan en la ruta reescrita. Una regla de cortafuegos que bloquea /admin/* no hace nada cuando la solicitud llega como POST /api/health?x_astro_path=/admin/delete-user. Este problema ha sido parcheado en la versi\u00f3n 10.0.2."}], "id": "CVE-2026-33768", "lastModified": "2026-03-26T13:37:30.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-24T19:16:55.653", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/withastro/astro/commit/335a204161f5a7293c128db570901d4f8639c6ed"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/withastro/astro/pull/15959"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/withastro/astro/releases/tag/%40astrojs%2Fvercel%4010.0.2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/withastro/astro/security/advisories/GHSA-mr6q-rp88-fx84"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-441"}, {"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.0.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "astro", "source": "cna", "vendor": "withastro"}, "product": "astro", "vendor": "withastro"}], "analysis": {"en": {"generated_at": "2026-03-26T15:24:34.516275+00:00", "value": {"mitigation_remediation": ["Upgrade @astrojs/vercel to version 10.0.2 or newer to eliminate the vulnerability."], "summary": {"action": "Immediate Patch", "impact": "Authorization Bypass via Unauthenticated Path Override"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to Astro framework deployments that use the @astrojs/vercel serverless entrypoint with a version older than 10.0.2. It is relevant to sites on the Vercel platform that do not use Edge Middleware, as the path override can divert requests from a public URL to any internal route such as \"/admin/*\". Clients should verify they are running @astrojs/vercel 10.0.2 or newer and that any edge or firewall rules are correctly configured.\n", "description_and_impact": "Astro's @astrojs/vercel serverless entrypoint, before version 10.0.2, accepts the x-astro-path header and the x_astro_path query parameter to rewrite the internal request path without requiring any authentication.\nThe rewrite keeps the original HTTP method and request body, which allows every method\u2014including POST, PUT, and DELETE\u2014to be directed at arbitrary paths. By crafting a request that targets a protected or administrative endpoint, an attacker can bypass Vercel platform\u2011level path restrictions and perform unauthorized actions. This flaw is a combination of path manipulation (CWE-441) and missing authorization checks (CWE-862), and can affect confidentiality, integrity, and availability of the application.\nNo code execution capabilities are granted directly through this path override; however, the ability to reach restricted resources may enable further attacks depending on the underlying application logic.\n", "risk_and_exploitability": "The CVSS score of 6.5 reflects moderate severity, and the EPSS score of less than 1% indicates that widespread exploitation is unlikely at present. The flaw is not listed in the CISA KEV catalog. An attacker can exploit the issue remotely by sending unauthenticated HTTP requests with the vulnerable header or query parameter; no additional privileges or credentials are required. Once exploited, the attacker can target any protected route, potentially enabling data manipulation or deletion.\n"}}}}, "created": "2026-03-25T11:46:31.487660+00:00", "updated": "2026-03-27T09:20:47.539862+00:00", "vendors": ["withastro", "withastro$PRODUCT$astro"]}