Cyber Resilience

CVE-2026-30832

CriticalPublic PoC

Published: 07 March 2026

Published
07 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
EPSS Score 0.0033 24.5th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-30832 is a critical-severity SSRF (CWE-918) vulnerability in Charm Soft Serve. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-30832 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting Soft Serve, a self-hostable Git server for the command line. The flaw impacts versions from 0.6.0 up to but not including 0.11.4, where an authenticated SSH user can force the server to issue HTTP requests to internal or private IP addresses. This occurs by executing the repo import command with a crafted --lfs-endpoint URL.

Exploitation requires an authenticated SSH user with repository import privileges. The initial request is a blind batch to a metadata endpoint, which fails to parse as valid LFS JSON. An attacker hosting a fake LFS server can chain this by returning download URLs that redirect to internal targets, enabling full read access to internal services. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L), reflecting its high severity from network reachability, low complexity, low privileges, scope change, and predominant confidentiality impact.

The vulnerability has been patched in Soft Serve version 0.11.4. Mitigation involves upgrading to this version or later. Official resources include the patching commit at https://github.com/charmbracelet/soft-serve/commit/3ef660098ab37a7950457da8ecc25b516e37ce4e, release notes at https://github.com/charmbracelet/soft-serve/releases/tag/v0.11.4, and the GitHub security advisory at https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-3fvx-xrxq-8jvv.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a…

more

crafted --lfs-endpoint URL. The initial batch request is blind (the response from a metadata endpoint won't parse as valid LFS JSON), but an attacker hosting a fake LFS server can chain this into full read access to internal services by returning download URLs that point at internal targets. This issue has been patched in version 0.11.4.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.005 Cloud Instance Metadata API Credential Access
Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.
Why these techniques?

SSRF in public-facing Soft Serve server directly enables T1190 exploitation via crafted repo import and facilitates T1522 by allowing requests to internal metadata endpoints.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-22130Same product: Charm Soft Serve
CVE-2026-24058Same product: Charm Soft Serve
CVE-2026-33039Shared CWE-918
CVE-2026-33351Shared CWE-918
CVE-2025-54122Shared CWE-918
CVE-2026-25545Shared CWE-918
CVE-2026-41905Shared CWE-918
CVE-2025-50180Shared CWE-918
CVE-2026-28423Shared CWE-918
CVE-2026-42595Shared CWE-918

Affected Assets

charm
soft serve
0.6.0 — 0.11.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates user-supplied --lfs-endpoint URLs during repo import to block crafted inputs that force HTTP requests to internal/private IP addresses, directly mitigating the SSRF vulnerability.

prevent

Enforces information flow control policies prohibiting the Soft Serve server from making unauthorized outbound connections to internal services based on user-controlled LFS endpoints.

prevent

Requires timely flaw remediation by upgrading to Soft Serve version 0.11.4 or later, which patches the SSRF vulnerability in the repo import function.

References