Platform
nodejs
Component
terriajs-server
Fixed in
4.0.4
4.0.3
CVE-2026-27818 is an input validation vulnerability in terriajs-server that allows attackers to bypass the proxy's domain restrictions. The hostname validation only checks whether the requested hostname ends with an allowed domain string, so any hostname that merely shares that suffix is proxied as well. Versions of terriajs-server up to and including 4.0.2 are affected; a fix is available in version 4.0.3.
The flawed validation logic accepts any hostname that ends with an allowed domain, rather than requiring an exact match or a genuine subdomain (a dot boundary immediately before the allowed domain). If example.com is the only allowed domain, an attacker can register a domain such as maliciousexample.com, which also ends with the string example.com, and ask terriajs-server to proxy content from it. This circumvents the intended security control: responses from the attacker's host are delivered to clients through the trusted proxy, which can expose sensitive data or let the attacker inject malicious content into proxied responses. The blast radius extends to every user or system that relies on terriajs-server's proxy allowlist for security or content filtering.
The vulnerability was publicly disclosed on 2026-02-26. No public proof-of-concept (PoC) code had been released at the time of writing, but exploitation requires little more than registering a domain with a matching suffix and sending an ordinary proxy request, which makes it an attractive target. The impact is significant because proxy allowlists are commonly relied on for security or content filtering. It is not currently listed in the CISA KEV catalog.
Organizations that use terriajs-server to proxy web traffic, particularly those handling sensitive data or critical services, are at risk. Shared deployments where several users or applications rely on one terriajs-server instance are particularly exposed, because a bypass of the instance-wide allowlist affects everyone who depends on it.
• nodejs / server:
  ps aux | grep terriajs-server
• nodejs / server:
  grep -rl --include='*.json' proxyableDomains /
• generic web:
  Check terriajs-server logs for proxied requests to unexpected or unauthorized domains, in particular target hostnames that end with an allowed domain without being that domain or one of its subdomains (e.g. maliciousexample.com when example.com is allowed).
• generic web:
  Review terriajs-server configuration files for overly permissive proxyableDomains settings.
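As an added example (not code from the terriajs-server project), the following Node.js script contrasts the suffix-only hostname check described above with a strict allowlist check that requires an exact match or a dot-boundary subdomain, and then runs both over constructed access-log lines to flag proxy targets that the flawed check would accept but the strict one rejects, which is the pattern the log review above is looking for. The allowlist, the `/proxy/<target-url>` request path shape, and the log lines are assumptions for illustration.

```javascript
// Added example, not terriajs-server's own code. Demonstrates the
// suffix-only hostname check behind CVE-2026-27818 next to a strict check,
// and uses the difference between them to triage proxy access logs.

// Assumed allowlist for illustration.
const ALLOWED = ["example.com", "data.gov.au"];

// Flawed check: any hostname that merely ends with an allowed domain passes,
// so "maliciousexample.com" is accepted for the allowed domain "example.com".
function isAllowedSuffixOnly(hostname, allowed = ALLOWED) {
  const h = hostname.toLowerCase();
  return allowed.some((d) => h.endsWith(d.toLowerCase()));
}

// Strict check: exact match, or a real subdomain (dot boundary required).
function isAllowedStrict(hostname, allowed = ALLOWED) {
  const h = hostname.toLowerCase().replace(/\.$/, ""); // drop trailing dot
  return allowed.some((d) => {
    const dom = d.toLowerCase();
    return h === dom || h.endsWith("." + dom);
  });
}

// Extract the hostname of the proxied target from the request path.
// Assumes the route shape "/proxy/<target-url>" with an optional cache
// segment such as "_5m/" in front of the URL (an assumption here).
function targetHostFromPath(requestPath) {
  const m = /^\/proxy\/(?:_[^/]+\/)?(https?:\/\/[^\s"]+)/.exec(requestPath);
  if (!m) return null;
  try {
    return new URL(m[1]).hostname;
  } catch {
    return null;
  }
}

// Return target hosts that the suffix-only check accepts but the strict
// check rejects: these are the bypass candidates worth investigating.
function findBypassCandidates(logLines, allowed = ALLOWED) {
  const hits = [];
  for (const line of logLines) {
    const m = /"GET (\S+) HTTP/.exec(line);
    if (!m) continue;
    const host = targetHostFromPath(m[1]);
    if (host === null) continue;
    if (isAllowedSuffixOnly(host, allowed) && !isAllowedStrict(host, allowed)) {
      hits.push(host);
    }
  }
  return hits;
}

// Constructed sample log lines in common-log style (not real data).
const SAMPLE_LOG = [
  '203.0.113.5 - - [26/Feb/2026:10:00:01 +0000] "GET /proxy/https://api.example.com/layers.json HTTP/1.1" 200 512',
  '203.0.113.5 - - [26/Feb/2026:10:00:02 +0000] "GET /proxy/_5m/https://maliciousexample.com/payload.js HTTP/1.1" 200 2048',
  '203.0.113.9 - - [26/Feb/2026:10:00:03 +0000] "GET /proxy/https://evil.test/x HTTP/1.1" 403 0',
  '203.0.113.9 - - [26/Feb/2026:10:00:04 +0000] "GET /proxy/https://data.gov.au/dataset HTTP/1.1" 200 99',
  '203.0.113.9 - - [26/Feb/2026:10:00:05 +0000] "GET /proxy/https://example.com.attacker.test/ HTTP/1.1" 403 0',
];

// Only maliciousexample.com passes the flawed check and fails the strict one;
// api.example.com is a legitimate subdomain and the rest fail both checks.
console.log(findBypassCandidates(SAMPLE_LOG)); // prints [ 'maliciousexample.com' ]
```

The strict check is the property the fix needs: a hostname is acceptable only when it equals an allowed domain or ends with a dot followed by that domain, so look-alike registrations that share the suffix string are rejected while genuine subdomains still pass.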
disclosure
Exploit status
EPSS
0.10% (26th percentile)
CISA SSVC
The primary mitigation is to upgrade terriajs-server to version 4.0.3 or later, which contains the corrected validation logic. If upgrading is not immediately feasible, a Web Application Firewall (WAF) rule in front of the server can restrict the target hostnames of proxy requests to an explicit list and block everything else. Carefully review and restrict the proxyableDomains configuration so that it contains only the domains that are strictly necessary. Monitor access logs for proxy requests whose target hostnames end with an allowed domain without being that domain or one of its subdomains. No Sigma or YARA rules are readily available for this vulnerability, but custom rules can be written from observed malicious domain patterns.
Update TerriaJS-Server to version 4.0.3 or later. This version fixes the domain validation bypass in the proxy allowlist. The update can be performed with the npm package manager.
CVE-2026-27818 is a vulnerability in terriajs-server in which a flawed hostname check (a suffix comparison instead of an exact or subdomain match) allows attackers to bypass proxy restrictions and proxy unauthorized domains.
If you are running terriajs-server version 4.0.2 or earlier, you are potentially affected by this vulnerability.
Upgrade terriajs-server to version 4.0.3 or later to address the vulnerability. Consider WAF rules as a temporary mitigation.
There is currently no indication of active exploitation of CVE-2026-27818.
Refer to the terriajs-server project's release notes or security advisories for details on this vulnerability and the fix.