External risk intelligence

Repomix SSRF via Unvalidated Repository URLs in POST /api/pack.

CVE advisorySeverity: CRITICAL (CVSS 9.2)

CVE-2026-59702

The vulnerability exists in a public-facing API endpoint (/api/pack) designed to process repository URLs. As a web service endpoint that performs outbound requests based on user input, it is commonly exposed to the internet in real-world deployments to function as intended.

Server-Side Request Forgery

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in repomix, a system that handles repository integrations. This flaw allows unauthenticated attackers to trick the system into accessing sensitive internal resources, including private network addresses and local files, by submitting specially crafted URLs. This could expose confidential information or allow unauthorized actions within your network.

  • Attackers can exploit an unvalidated URL flaw.
  • It could expose sensitive internal network information.
  • Confirm repomix usage and potential internal exposure.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending a crafted request to the `/api/pack` endpoint. This endpoint is designed to accept repository URLs and uses them to clone repositories. However, it does not adequately validate these URLs, allowing an attacker to provide a malicious URL that points to internal network resources, cloud provider metadata services, or even local files on the server. Successful exploitation could allow an attacker to gain unauthorized access to sensitive information or internal systems.

  • Unauthenticated access to a public API.
  • Sending a malicious URL to the API.
  • Accessing sensitive internal resources.

Live Threat

Current exploitation, exposure, and threat context

Unauthenticated attackers could exploit a server-side request forgery vulnerability in the API to make arbitrary outbound requests. This could allow them to access sensitive internal network resources, cloud metadata services, or local files when the system is configured to process certain URLs.

  • Access to private network resources.
  • Outbound requests to internal systems.
  • Exposure of network configurations.

Operational Fix

Recommended remediation, mitigation, and detection steps

The repomix server-side request forgery vulnerability necessitates action from teams managing web applications and their underlying infrastructure. Application owners are responsible for the code and its deployed instances, while infrastructure or platform teams manage the environments where repomix runs. Security and network teams must assess and mitigate exposure. The immediate first step is to locate all repomix instances, determine their accessibility and criticality, identify the responsible application owner, and then plan remediation based on risk.

  • Application and platform teams own remediation.
  • Verify repomix instances and network exposure.
  • Plan immediate mitigation based on risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the repomix software used for?

Repomix is a tool designed to integrate and process software repositories. It typically functions as a service that accepts repository URLs to perform automated tasks, such as cloning code for analysis or packaging. Because it is intended to handle remote repository locations, it requires an interface to receive these URLs and perform outbound network operations.

How does CVE-2026-59702 represent a Server-Side Request Forgery vulnerability?

This vulnerability, classified as CWE-918, occurs because the application fails to vet the URLs provided to it. When an application accepts a URL and processes it without checking if the destination is safe, an attacker can manipulate the input. In this case, the system acts as a proxy, visiting internal or restricted addresses on behalf of the attacker because it trusts the input URL implicitly.

Do I need to be authenticated to trigger this vulnerability?

No, this flaw is reachable by unauthenticated attackers. The vulnerable POST /api/pack endpoint does not require a user session to process requests. Simply submitting a malicious URL to this specific endpoint is sufficient to trigger the flaw; internal or legitimate repository requests are not required to activate the underlying request-processing mechanism.

Why is this CVE considered high risk for internet-facing systems?

According to Halo Surface Signal, this endpoint is often intentionally exposed to the internet to function as a public service. Because it resides on a public-facing API, it is easily reachable by external actors. This allows attackers to bypass perimeter defenses and use the server as a jumping-off point to probe private networks or access local files that should remain hidden.

How should I respond if I am running repomix?

Begin by auditing your environment to locate all active instances of repomix. Coordinate with the application owners to understand how these instances are deployed and determine if they are reachable from the network or the internet. Assess the sensitivity of the data and internal services these instances can reach, then prioritize remediation based on the potential impact to your internal infrastructure.

References