Cyber Resilience

CVE-2026-32857

Severity: High · Public PoC

Published: 26 March 2026

Modified: 01 May 2026
KEV Added: not listed
Patch: see the advisories referenced under Deeper analysis
CVSS v4.0 score: 7.8 (High)
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0041 (32.4th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-32857 is a high-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 32.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-32857 is a server-side request forgery (SSRF) protection bypass vulnerability in Firecrawl versions 2.8.0 and prior, specifically within the Playwright scraping service. The flaw occurs because network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can provide an externally valid URL that passes initial validation but triggers an HTTP redirect to an internal or restricted resource, enabling the browser to follow the redirect and access the final destination without further checks.

Any unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Successful exploitation allows the attacker to gain access to internal network services and sensitive endpoints via the redirected requests, resulting in high confidentiality impact due to the changed scope. This issue, linked to CWE-918, is distinct from CVE-2024-56800, which covers redirect-based SSRF more generally, as it specifically exploits a post-redirect enforcement gap in SSRF protections.

Mitigation details and patches are documented in the following advisories: the Firecrawl GitHub security advisory at https://github.com/firecrawl/firecrawl/security/advisories/GHSA-vjp8-2wgg-p734, the Firecrawl website at https://www.firecrawl.dev/, and the VulnCheck advisory at https://www.vulncheck.com/advisories/firecrawl-playwright-service-ssrf-protection-bypass-via-missing-post-redirect-validation.

Vulnerability details

Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an externally valid URL that passes validation and returns an HTTP redirect to an internal or restricted resource, allowing the browser to follow the redirect and fetch the final destination without revalidation, thereby gaining access to internal network services and sensitive endpoints. This issue is distinct from CVE-2024-56800, which describes redirect-based SSRF generally. This vulnerability specifically arises from a post-redirect enforcement gap in implemented SSRF protections, where validation is applied only to the initial request and not to the final redirected destination.
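The post-redirect enforcement gap described in Deeper analysis and Vulnerability details comes down to where the network policy is applied. The following is an added example, not Firecrawl's code: a redirect follower that re-checks the policy on the start URL and on every Location target, with a `revalidateEachHop=false` switch that reproduces the validate-once behaviour so the two can be compared. DNS and HTTP are injected (`resolve`, `fetchHop`) so it runs offline; a real service would use a DNS lookup and a fetch with manual redirect handling.

```javascript
// Added example (not Firecrawl's code): a redirect follower for a scraping service that
// re-applies the network policy on the start URL and on every Location target.
// DNS and HTTP are injected (`resolve`, `fetchHop`) so it runs offline; real code would use DNS + fetch.
function parseIPv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  return o.every((x) => x <= 255) ? o : null;
}

// Destinations a scraper must never reach: "this" net, RFC1918, loopback, link-local (cloud metadata).
function isPrivateIPv4(ip) {
  const o = parseIPv4(ip);
  if (!o) return true; // fail closed on anything we cannot parse
  const [a, b] = o;
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Network policy for one destination. `resolve(host)` returns an IPv4 string or undefined.
function isAllowedDestination(urlString, resolve) {
  let u;
  try { u = new URL(urlString); } catch { return false; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return false;
  const host = u.hostname.toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost')) return false;
  const ip = parseIPv4(host) ? host : resolve(host); // IP literals need no lookup
  return ip !== undefined && !isPrivateIPv4(ip);
}

// Follow redirects manually. `fetchHop(url)` returns { status, location } without following
// redirects itself (the fetch API's redirect: 'manual'). With revalidateEachHop=false only the
// user-supplied URL is checked, which is the gap the advisory describes.
function fetchWithRevalidation(startUrl, fetchHop, resolve, { maxHops = 5, revalidateEachHop = true } = {}) {
  let current = startUrl;
  const chain = [];
  for (let hop = 0; hop <= maxHops; hop++) {
    if ((hop === 0 || revalidateEachHop) && !isAllowedDestination(current, resolve)) {
      return { ok: false, reason: 'blocked', blockedUrl: current, chain };
    }
    chain.push(current);
    const res = fetchHop(current);
    if (res.status < 300 || res.status >= 400 || !res.location) {
      return { ok: true, finalUrl: current, status: res.status, chain };
    }
    current = new URL(res.location, current).toString(); // relative Location resolves against current
  }
  return { ok: false, reason: 'too-many-redirects', chain };
}
```

The hop limit matters as well as the per-hop check: without it a redirect loop keeps the headless browser busy indefinitely.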

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

An SSRF protection bypass in a public-facing scraping service directly enables T1190: an unauthenticated attacker can reach internal resources once the initial URL validation has passed.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-13195 (shared CWE-918)
CVE-2026-5052 (shared CWE-918)
CVE-2025-58045 (shared CWE-918)
CVE-2025-69299 (shared CWE-918)
CVE-2026-42398 (shared CWE-918)
CVE-2026-7025 (shared CWE-918)
CVE-2025-2691 (shared CWE-918)
CVE-2025-21385 (shared CWE-918)
CVE-2026-6625 (shared CWE-918)
CVE-2026-30118 (shared CWE-918)

Affected Assets

Firecrawl (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5; AI)

Prevent: SI-10 mandates validation of all information inputs, directly addressing the post-redirect validation gap that allows SSRF bypass in the Playwright scraping service.

Prevent: AC-4 enforces information flow policies to restrict unauthorized access to internal or restricted resources via server-initiated requests following redirects.

Prevent: SC-7 monitors and controls communications at system boundaries, preventing outbound requests to internal network services triggered by validated initial URLs and their redirects.