Ghostwire

Home / Vulnerabilities / CVE-2026-41321

CVE-2026-41321: Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)

Published: April 23, 2026 | Last Modified: April 23, 2026

Description

Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)

Proof-of-Concept Exploits (2)

• withastro/astro
• withastro/astro

References

• github.com/withastro/astro/security/advisories/GHSA-88gm-j2wx-58h6
• github.com/withastro/astro/commit/a43eb4b40b4f81530e3c9b5e2959495900320433
• github.com/advisories/GHSA-qpr4-c339-7vq8
• github.com/withastro/astro/releases/tag/%40astrojs%2Fcloudflare%4013.1.10
• github.com/advisories/GHSA-88gm-j2wx-58h6
• www.tenable.com/cve/CVE-2026-41321
• www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-41321