{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33682", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T16:34:59.931Z", "datePublished": "2026-03-26T21:45:05.616Z", "dateUpdated": "2026-03-27T20:00:36.574Z"}, "containers": {"cna": {"title": "Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846"}, {"name": "https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76", "tags": ["x_refsource_MISC"], "url": "https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76"}, {"name": "https://github.com/streamlit/streamlit/releases/tag/1.54.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/streamlit/streamlit/releases/tag/1.54.0"}], "affected": [{"vendor": "streamlit", "product": "streamlit", "versions": [{"version": "< 1.54.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T21:45:05.616Z"}, "descriptions": [{"lang": "en", "value": "Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\\\attacker-controlled-host\\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0."}], "source": {"advisory": "GHSA-7p48-42j8-8846", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T14:11:13.804113Z", "id": "CVE-2026-33682", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:00:36.574Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33682", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T14:11:13.804113Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:11:17.397Z"}}], "cna": {"title": "Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)", "source": {"advisory": "GHSA-7p48-42j8-8846", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "streamlit", "product": "streamlit", "versions": [{"status": "affected", "version": "< 1.54.0"}]}], "references": [{"url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846", "name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76", "name": "https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/streamlit/streamlit/releases/tag/1.54.0", "name": "https://github.com/streamlit/streamlit/releases/tag/1.54.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\\\attacker-controlled-host\\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T21:45:05.616Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33682", "state": "PUBLISHED", "dateUpdated": "2026-03-27T20:00:36.574Z", "dateReserved": "2026-03-23T16:34:59.931Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T21:45:05.616Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:windows:*:*", "matchCriteriaId": "497DB8B7-82E6-4AB2-8D27-4C1F333C5D24", "versionEndExcluding": "1.54.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\\\attacker-controlled-host\\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0."}, {"lang": "es", "value": "Streamlit es un framework de desarrollo de aplicaciones orientado a datos para python. Las versiones de Streamlit Open Source anteriores a la 1.54.0 ejecut\u00e1ndose en hosts Windows tienen una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) no autenticada. La vulnerabilidad surge de una validaci\u00f3n incorrecta de las rutas del sistema de archivos proporcionadas por el atacante. En ciertas rutas de c\u00f3digo, incluyendo dentro del 'ComponentRequestHandler', las rutas del sistema de archivos se resuelven usando 'os.path.realpath()' o 'Path.resolve()' antes de que ocurra una validaci\u00f3n suficiente. En sistemas Windows, proporcionar una ruta UNC maliciosa (por ejemplo, '\\\\attacker-controlled-host\\share') puede hacer que el servidor de Streamlit inicie conexiones SMB salientes a trav\u00e9s del puerto 445. Cuando Windows intenta autenticarse con el servidor SMB remoto, las credenciales de desaf\u00edo-respuesta NTLMv2 del usuario de Windows que ejecuta el proceso de Streamlit pueden ser transmitidas. Este comportamiento puede permitir a un atacante realizar ataques de retransmisi\u00f3n NTLM contra otros servicios internos y/o identificar hosts SMB accesibles internamente mediante an\u00e1lisis de tiempo. La vulnerabilidad ha sido corregida en la versi\u00f3n 1.54.0 de Streamlit Open Source."}], "id": "CVE-2026-33682", "lastModified": "2026-04-01T13:28:47.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T22:16:30.880", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/streamlit/streamlit/releases/tag/1.54.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.54.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "streamlit", "source": "cna", "vendor": "streamlit"}, "product": "streamlit", "vendor": "streamlit"}], "analysis": {"en": {"generated_at": "2026-04-02T04:14:59.619152+00:00", "value": {"mitigation_remediation": ["Upgrade Streamlit to version 1.54.0 or later.", "Ensure the application runs on Windows hosts only with the patched version; verify that no older 1.53.x or earlier versions remain.", "Restrict inbound traffic to the Streamlit service with a firewall or network rules to block external UNC path requests.", "Monitor SMB connection logs and HTTP request patterns for anomalous UNC paths to detect potential exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "NTLM credential exposure via SSRF"}, "threat_synthesis": {"affected_systems": "All Streamlit Open Source deployments running on Windows that use a version earlier than 1.54.0 are affected. The issue occurs in the ComponentRequestHandler code path that handles arbitrary filesystem paths requested by users. Any instance that exposes the default HTTP port to the network and accepts user\u2011supplied paths may be vulnerable.", "description_and_impact": "It is a server\u2011side request forgery in Streamlit Open Source that lets an unauthenticated attacker supply a UNC path. The server resolves the path with os.path.realpath or Path.resolve before validating it, causing the Windows process to open an SMB connection on port\u00a0445. During OS authentication the Windows user\u2019s NTLMv2 credentials are sent, allowing an attacker to perform an NTLM relay attack against internal services or map usable SMB hosts timing\u2011wise. The flaw is classified as CWE\u2011918 and enables credential theft rather than direct code execution.", "risk_and_exploitability": "The CVSS base score is 4.7, indicating medium impact, while the EPSS score is below 1\u202f% and the vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires making an unauthenticated HTTP request to the Streamlit server with a crafted UNC path; no privileged shell or memory corruption is needed. Therefore the likelihood of exploitation is currently low, but because the vulnerability leaks NTLM credentials it poses a significant risk if the host is in an internal network with other services."}}}}, "created": "2026-03-27T08:31:37.569295+00:00", "updated": "2026-04-02T07:56:10.290421+00:00", "vendors": ["streamlit", "streamlit$PRODUCT$streamlit"]}