Page Replica Server-Side Request Forgery Vulnerability in Sitemap Fetch Endpoint

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Page Replica versions prior to commit e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The issue arises in the Endpoint component, specifically within the sitemap.fetch function of the /sitemap file. Remote attackers can manipulate the url parameter, causing the server to make unauthorized outbound requests to attacker-specified locations. This could be exploited to access internal services, cloud metadata, or other restricted resources.

Impact

Exploitation of this vulnerability could allow access to internal network services, exposure of cloud instance metadata, and interaction with privileged internal APIs. Additionally, it could enable reconnaissance of internal networks or abuse of the server as a proxy for external scanning.
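As a defensive illustration of the url parameter problem described above, here is a destination check for a URL-fetching endpoint. It is an added example, not Page Replica's code or its fix; the function names (isBlockedAddress, parseTarget, checkSitemapUrl) and the injectable resolve parameter are hypothetical.

```javascript
// Added example, not Page Replica's code. All names here are hypothetical.
const net = require('node:net');
const dns = require('node:dns').promises;

// Destinations a server-side fetcher should never reach for a caller.
const blocked = new net.BlockList();
for (const [prefix, bits] of [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16],                       // link-local, cloud metadata
  ['172.16.0.0', 12], ['192.168.0.0', 16],
]) blocked.addSubnet(prefix, bits, 'ipv4');
blocked.addAddress('::', 'ipv6');
blocked.addAddress('::1', 'ipv6');
blocked.addSubnet('fc00::', 7, 'ipv6');      // unique local
blocked.addSubnet('fe80::', 10, 'ipv6');     // link-local

function isBlockedAddress(ip) {
  const family = net.isIP(ip);               // 4, 6, or 0 if not an IP literal
  if (family === 0) return true;             // fail closed
  return blocked.check(ip, family === 6 ? 'ipv6' : 'ipv4');
}

// Syntactic checks on the caller-supplied url parameter.
function parseTarget(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return { ok: false, reason: 'unparsable url' }; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:')
    return { ok: false, reason: 'scheme not allowed' };
  if (u.username || u.password) return { ok: false, reason: 'credentials in url' };
  // URL normalises forms like http://2130706433/ to 127.0.0.1; IPv6 keeps brackets.
  const host = u.hostname.replace(/^\[|\]$/g, '');
  if (net.isIP(host) && isBlockedAddress(host))
    return { ok: false, reason: 'internal address' };
  return { ok: true, url: u, host };
}

// Full check: reject if ANY address the host resolves to is internal.
// `resolve` is injectable (an assumption of this example) for offline testing.
async function checkSitemapUrl(rawUrl, resolve = (h) => dns.lookup(h, { all: true })) {
  const t = parseTarget(rawUrl);
  if (!t.ok) return t;
  const addrs = net.isIP(t.host) ? [{ address: t.host }] : await resolve(t.host);
  if (addrs.length === 0 || addrs.some((a) => isBlockedAddress(a.address)))
    return { ok: false, reason: 'resolves to internal address' };
  return { ok: true, url: t.url, addresses: addrs.map((a) => a.address) };
}
```

Validation alone does not cover DNS rebinding or redirects: the fetch should connect to one of the returned addresses and re-run the check on every redirect hop.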

Added: Mar 27, 2026, 2:18 AM
Updated: Mar 27, 2026, 2:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.2
remediation: 0.0
relevance: 4.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.