{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/dalfox/v2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["dalfox/v2"],"_cs_severities":["high"],"_cs_tags":["unauthenticated-access","file-read","ghsa"],"_cs_type":"advisory","_cs_vendors":["GitHub"],"content_html":"\u003cp\u003eDalfox, when run in REST API server mode, is vulnerable to an unauthenticated arbitrary file read. The \u003ccode\u003ecustom-payload-file\u003c/code\u003e field in \u003ccode\u003emodel.Options\u003c/code\u003e is deserialized from the request body and used to read files. An attacker can exploit this by sending a POST request to the \u003ccode\u003e/scan\u003c/code\u003e endpoint with a \u003ccode\u003ecustom-payload-file\u003c/code\u003e parameter pointing to a file on the server. Dalfox then reads the file line by line and includes each line as a payload in outbound HTTP requests directed at an attacker-controlled target URL. This vulnerability exists because the server, by default, does not require an API key. This allows an unauthenticated network attacker to exfiltrate the contents of arbitrary files readable by the dalfox process. The affected version is dalfox/v2 \u0026lt;= 2.12.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker sends a POST request to the \u003ccode\u003e/scan\u003c/code\u003e endpoint of the Dalfox REST API server (typically running on \u003ccode\u003e0.0.0.0:6664\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe request includes a JSON body with the \u003ccode\u003eurl\u003c/code\u003e, \u003ccode\u003eoptions\u003c/code\u003e, \u003ccode\u003ecustom-payload-file\u003c/code\u003e, \u003ccode\u003eskip-discovery\u003c/code\u003e, and \u003ccode\u003eparam\u003c/code\u003e fields set.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecustom-payload-file\u003c/code\u003e field contains the path to the file the attacker wants to read (e.g., \u003ccode\u003e/etc/hostname\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eskip-discovery\u003c/code\u003e option is set to \u003ccode\u003etrue\u003c/code\u003e, and \u003ccode\u003eparam\u003c/code\u003e is set to \u003ccode\u003e[\u0026quot;q\u0026quot;]\u003c/code\u003e to bypass checks.\u003c/li\u003e\n\u003cli\u003eDalfox reads the specified file line by line using \u003ccode\u003evoltFile.ReadLinesOrLiteral\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEach line of the file is embedded as the value of the \u003ccode\u003eq\u003c/code\u003e query parameter in a GET request to the attacker-controlled URL.\u003c/li\u003e\n\u003cli\u003eDalfox sends the HTTP GET request to the attacker\u0026rsquo;s server, exfiltrating one line of the file.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the file content via the query parameter of the HTTP GET request.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to read arbitrary files on the Dalfox host that the Dalfox process has access to. This includes sensitive data like SSH private keys, TLS certificates, \u003ccode\u003e.env\u003c/code\u003e files containing credentials, cloud credential files, and system configuration files. If combined with other vulnerabilities, such as the \u003ccode\u003efound-action\u003c/code\u003e RCE, the attacker could potentially gain full control of the server.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement the preferred remediation: Apply a denylist of fields that should never be accepted from the REST API, as suggested in the source, to prevent attackers from abusing \u003ccode\u003eCustomPayloadFile\u003c/code\u003e and other sensitive parameters.\u003c/li\u003e\n\u003cli\u003eRequire the \u003ccode\u003e--api-key\u003c/code\u003e flag at server startup, as suggested in the source, to mandate authentication for all API requests.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Dalfox Unauthenticated File Read via API\u003c/code\u003e to detect attempts to exploit this vulnerability by monitoring HTTP POST requests to the \u003ccode\u003e/scan\u003c/code\u003e endpoint with a \u003ccode\u003ecustom-payload-file\u003c/code\u003e parameter.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T15:11:08Z","date_published":"2026-05-12T15:11:08Z","id":"https://feed.craftedsignal.io/briefs/2026-05-dalfox-file-read/","summary":"Dalfox server mode is vulnerable to an unauthenticated arbitrary file read with out-of-band exfiltration via the `custom-payload-file` parameter, allowing attackers to read sensitive files on the host.","title":"Dalfox Server Mode Unauthenticated Arbitrary File Read","url":"https://feed.craftedsignal.io/briefs/2026-05-dalfox-file-read/"}],"language":"en","title":"CraftedSignal Threat Feed — Dalfox/V2","version":"https://jsonfeed.org/version/1.1"}