๐Ÿ” CVE Alert

CVE-2026-45568

UNKNOWN 0.0

zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing requests.request to return a server-side response from an attacker-chosen URL. This issue is fixed in version 2.0.3.

CWE CWE-22
Vendor openziti
Product zrok
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for openziti zrok

Be the first to know when new unknown vulnerabilities affecting openziti zrok are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

openziti / zrok
>= 0.4.47, < 2.0.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/openziti/zrok/security/advisories/GHSA-jh67-hwqw-m5r7 github.com: https://github.com/openziti/zrok/commit/7c1dc3ecd1c89d8cd2e845a72c3878bd2d31b4fe github.com: https://github.com/openziti/zrok/releases/tag/v2.0.3