Server-side request forgery (SSRF) in @nocobase/plugin-workflow-request

Description

NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins

Summary

NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An authenticated user can access internal network services, cloud metadata endpoints, and localhost.

Vulnerable Code

1. Workflow HTTP Request Plugin

packages/plugins/@nocobase/plugin-workflow-request/src/server/RequestInstruction.ts lines 117-128:

return axios.request({
  url: trim(url),  // User-controlled, no validation
  method,
  headers,
  params,
  timeout,
  ...(method.toLowerCase() !== 'get' && data != null
    ? { data: transformer ? await transformer(data) : data }...

The url at line 98 comes directly from user workflow configuration with only whitespace trimming.

2. Custom Request Action Plugin

packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts lines 172-198:

const axiosRequestConfig = {
  baseURL: ctx.origin,
  ...options,
  url: getParsedValue(url, variables),  // User-controlled via template
  headers: { ... },
  params: getParsedValue(arrayToObject(params), variables),
  data: getParsedValue(toJSON(data), variables),
};...

Missing Protections

    No request-filtering-agent or SSRF library (confirmed via grep across entire codebase)

    No private IP range filtering

    No cloud metadata endpoint blocking

    No URL scheme validation

    No DNS rebinding protection

Attack Scenario

    Authenticated user creates a workflow with HTTP Request node

    Sets URL to http://169.254.169.254/latest/meta-data/iam/security-credentials/

    Triggers the workflow

    Server fetches AWS metadata and returns IAM credentials in workflow execution logs

Alternatively via Custom Request action:

    Create custom request with URL http://127.0.0.1:5432 or http://10.0.0.1:8080/admin

    Execute the action

    Server makes request to internal service

Impact

    Cloud metadata theft: AWS/GCP/Azure credentials via metadata endpoints

    Internal network access: Scan and interact with services on private IP ranges

    Database access: Connect to localhost databases (PostgreSQL, Redis, etc.)

    Authentication required: Yes (authenticated user), but any workspace member can create workflows

Mitigation
