Medium

SSRF and Credential Leakage in Saloon endpoint URL handling

IdentifiersCVE-2026-33182CWE-918· Server-Side Request Forgery (SSRF)

CVE-2026-33182 affects the Saloon PHP library prior to version 4.0.0. When constructing a request URL, Saloon joined a connector base URL with a request endpoint. If the supplied endpoint was a valid absolute URL, the library used that absolute URL directly and ignored the configured base URL. As a result, requests could be sent to an attacker-controlled host while still carrying authentication material attached by the connector, including headers, cookies, or bearer tokens. In deployments where the endpoint value could be influenced by user input or configuration, such as redirect_uri or callback URL fields, this behavior created a server-side request forgery condition and enabled credential leakage to third-party infrastructure. Version 4.0.0 fixes the issue by rejecting absolute URLs in the endpoint by default: URLHelper::join() now throws an InvalidArgumentException unless the behavior is explicitly allowed on a per-connector or per-request basis.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

The primary impact is confidentiality compromise. Successful exploitation can disclose sensitive API credentials, session tokens, cookies, and other authentication headers to an attacker-controlled endpoint. Those leaked credentials can then be used to obtain unauthorized access to upstream third-party services integrated with the affected application. Depending on the privileges associated with the exposed tokens, an attacker may be able to manipulate external data, trigger unauthorized transactions, abuse connected service accounts, and pivot into other connected systems or environments. The provided content indicates the host application's local database is not directly impacted, and there is no direct integrity or availability impact on the host application itself, but downstream compromise of external services can still produce significant operational, financial, and reputational damage.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, prevent untrusted input from controlling Saloon request endpoints. Enforce strict validation so endpoint values are relative paths only, or restrict them to a hardcoded allowlist of trusted hosts and schemes. Do not pass user-supplied redirect_uri, callback URL, or similar values directly into endpoint construction. Consider stripping or segregating sensitive authentication headers and cookies when making requests whose destination is not fully trusted. Network egress controls and outbound filtering can also reduce exposure by preventing requests to arbitrary external hosts.

Remediation

Patch, then assume compromise.

Upgrade Saloon to version 4.0.0 or later. The fix changes URL handling so that absolute endpoint URLs are rejected by default and URLHelper::join() throws InvalidArgumentException when an endpoint is a valid absolute URL, unless the caller explicitly opts in. Review application code that passes endpoint values derived from user input or configuration and ensure only expected relative paths are accepted. Where absolute URLs are genuinely required, enable that behavior only explicitly and only for trusted destinations, with strict validation and allowlisting.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

SaloonSaloonapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

cvereportsNews

Mar 25, 2026

CVE-2026-33182: CVE-2026-33182: Server-Side Request Forgery and Credential Leakage in Saloon PHP | CVEReports

A vulnerability that can expose sensitive API credentials and session tokens, enabling unauthorized access to integrated third-party services and potential downstream compromise of connected systems.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity2

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-33182

NVD

nvd.nist.gov/vuln/detail/CVE-2026-33182

MITRE CWE · CWE-918

Server-Side Request Forgery (SSRF)

Vendor Advisory

github.com/saloonphp/saloon/security/advisories/GHSA-c83f-3xp6-hfcp

Release Notes

docs.saloon.dev/upgrade/upgrading-from-v3-to-v4