eresus-adv-2026-002 | Severity: High | CVSS: 8.6

ERESUS-ADV-2026-002: Server-Side Request Forgery (SSRF) via Cloud Metadata Endpoints

Disclosed: 2026-03-28

Summary

During a routine cloud security assessment, Eresus Labs identified a widespread pattern of Server-Side Request Forgery (SSRF) vulnerabilities in applications hosted on major cloud providers (AWS, GCP, Azure). The vulnerability allows an unauthenticated attacker to reach internal cloud metadata endpoints, potentially extracting IAM credentials, service account tokens, and environment configuration data.

Affected Systems

  • Web applications accepting user-supplied URLs (e.g., webhook endpoints, image fetchers, PDF generators)
  • Services hosted on AWS EC2, GCP Compute Engine, or Azure Virtual Machines with Instance Metadata Service (IMDS) v1 enabled
  • Applications using server-side HTTP clients without egress filtering

Technical Details

The vulnerability occurs when a server-side component fetches a URL provided by the user without proper validation. An attacker can supply internal cloud metadata URLs such as:

http://169.254.169.254/latest/meta-data/iam/security-credentials/
http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/

If the application's HTTP client follows redirects or does not enforce an allowlist, the response may contain:

  • Temporary AWS IAM credentials (Access Key, Secret Key, Session Token)
  • GCP service account OAuth tokens
  • Azure Managed Identity tokens
  • Environment variables containing database passwords or API keys

Impact

An attacker exploiting this vulnerability can escalate from an unauthenticated external position to full cloud account compromise, depending on the IAM role or service account permissions attached to the instance.

CVSS 3.1 Base Score: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Remediation

  1. Enforce IMDSv2 (AWS): Require token-based metadata access by setting HttpTokens: required on all EC2 instances.
  2. Implement URL allowlists: Validate user-supplied URLs against a strict allowlist of permitted domains and IP ranges.
  3. Block internal ranges: Deny outbound requests to 169.254.0.0/16 (the link-local range that contains the metadata address), 10.0.0.0/8, 172.16.0.0/12, and other link-local addresses at the network or application level.
  4. Disable unnecessary metadata endpoints: On GCP, restrict metadata server access using firewall rules. On Azure, consider disabling IMDS if not required.
  5. Monitor for anomalous metadata access: Audit CloudTrail (AWS), Cloud Audit Logs (GCP), or Azure Activity Logs for unexpected metadata API calls.
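As an added example (not code from this advisory or from Eresus Labs), the following Python validator implements remediation steps 2 and 3 and also re-validates every redirect hop, which covers the "HTTP client follows redirects" case from the technical details. The allowlist contents, the `resolver` hook and the `fetch_once` callback are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Constructed allowlist for the example; a real deployment loads its own.
ALLOWED_HOSTS = {"hooks.example.com", "images.example.com"}
MAX_REDIRECTS = 3
REDIRECT_CODES = {301, 302, 303, 307, 308}

def resolve_all(host):
    """Default resolver: every address the name resolves to (needs network)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public_address(addr):
    """True only for globally routable unicast addresses: rejects 169.254.0.0/16
    (which holds 169.254.169.254), RFC 1918, loopback, IPv6 link-local, IPv4-mapped."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is checked as IPv4
    return ip.is_global and not ip.is_multicast

def validate_url(url, resolver=resolve_all):
    """Allowlist check plus a check of every resolved address. Returns (ok, reason)."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not permitted"
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    try:
        addrs = resolver(host)
    except OSError:
        return False, "name resolution failed"
    if not addrs or not all(is_public_address(a) for a in addrs):
        return False, "host resolves to a non-public address"
    return True, "ok"

def safe_fetch(url, fetch_once, resolver=resolve_all):
    """Follow redirects by hand so each hop is re-validated. fetch_once(url)
    must not follow redirects itself and returns (status, location, body)."""
    for _ in range(MAX_REDIRECTS + 1):
        ok, reason = validate_url(url, resolver)
        if not ok:
            raise ValueError(f"blocked {url}: {reason}")
        status, location, body = fetch_once(url)
        if status not in REDIRECT_CODES or not location:
            return body
        url = urljoin(url, location)  # relative Location headers resolve against the hop
    raise ValueError("too many redirects")
```

The address check is only as strong as the binding between validation and connection: the HTTP client should connect to the address that was validated rather than re-resolving the name, otherwise a name can change answers between the check and the fetch.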

Timeline

| Date | Event |
|------|-------|
| 2026-03-15 | Vulnerability pattern identified during client engagement |
| 2026-03-20 | Internal validation and PoC development |
| 2026-03-25 | Advisory draft reviewed by Eresus Labs |
| 2026-03-28 | Public advisory released |

Credit

Discovered by the Eresus Labs offensive research team during a cloud security engagement.