{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/vercel/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":true,"_cs_products":["inngest TypeScript SDK","Vercel","Cloudflare Workers"],"_cs_severities":["high"],"_cs_tags":["environment-variable-exposure","inngest","cve-2026-42047"],"_cs_type":"threat","_cs_vendors":["Inngest","Vercel","Cloudflare"],"content_html":"\u003cp\u003eA vulnerability exists in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1. This flaw allows unauthenticated remote attackers to extract environment variables from the host process by sending \u003ccode\u003ePATCH\u003c/code\u003e, \u003ccode\u003eOPTIONS\u003c/code\u003e, or \u003ccode\u003eDELETE\u003c/code\u003e requests to the \u003ccode\u003eserve()\u003c/code\u003e HTTP handler. The vulnerability arises because these HTTP methods are not explicitly handled and fall through to a diagnostic handler that inadvertently exposes the contents of \u003ccode\u003eprocess.env\u003c/code\u003e. This exposure includes sensitive information such as secrets, API keys, and credentials. Applications are vulnerable if they use the affected SDK versions and their \u003ccode\u003eserve()\u003c/code\u003e endpoint is reachable via the aforementioned HTTP methods. The vulnerability was introduced in version 3.22.0 and fixed in 3.54.0. There are no known reports of active exploitation at this time.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an Inngest application using a vulnerable SDK version (3.22.0 - 3.53.1).\u003c/li\u003e\n\u003cli\u003eThe attacker determines the application\u0026rsquo;s \u003ccode\u003eserve()\u003c/code\u003e endpoint URL.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP request to the \u003ccode\u003eserve()\u003c/code\u003e endpoint using the \u003ccode\u003ePATCH\u003c/code\u003e, \u003ccode\u003eOPTIONS\u003c/code\u003e, or \u003ccode\u003eDELETE\u003c/code\u003e method.\u003c/li\u003e\n\u003cli\u003eThe Inngest SDK\u0026rsquo;s \u003ccode\u003eserve()\u003c/code\u003e handler, lacking specific handling for these methods, falls through to a generic diagnostic handler.\u003c/li\u003e\n\u003cli\u003eThe diagnostic handler inadvertently includes the contents of \u003ccode\u003eprocess.env\u003c/code\u003e in its response.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the HTTP response containing the application\u0026rsquo;s environment variables.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts sensitive information from the environment variables, such as API keys or credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted credentials to gain unauthorized access to resources or perform malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an unauthenticated attacker to access sensitive environment variables. This can lead to the exposure of API keys, database credentials, and other secrets, potentially leading to unauthorized access to internal systems, data breaches, or other malicious activities. The number of affected applications depends on the adoption rate of the vulnerable Inngest SDK versions. Sectors utilizing Inngest for background job processing or event-driven architectures are particularly at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003einngest@3.54.0\u003c/code\u003e or later to patch the vulnerability as mentioned in the overview.\u003c/li\u003e\n\u003cli\u003eRotate any secrets that were present in environment variables (\u003ccode\u003eprocess.env\u003c/code\u003e) within affected environments, including Inngest signing keys and event keys, as described in the remediation steps in the advisory.\u003c/li\u003e\n\u003cli\u003eSearch logs for any requests to your \u003ccode\u003eserve\u003c/code\u003e endpoints using the \u003ccode\u003ePATCH\u003c/code\u003e, \u003ccode\u003eOPTIONS\u003c/code\u003e, \u003ccode\u003eDELETE\u003c/code\u003e HTTP methods to assess if any environment variables may have been exposed, as described in the remediation steps in the advisory.\u003c/li\u003e\n\u003cli\u003eAdjust firewall or proxy rules to only allow requests to your \u003ccode\u003eserve\u003c/code\u003e endpoint from Inngest IP addresses available at \u003ca href=\"http://inngest.com/ips-v4\"\u003ehttp://inngest.com/ips-v4\u003c/a\u003e and \u003ca href=\"http://inngest.com/ips-v6\"\u003ehttp://inngest.com/ips-v6\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T18:13:52Z","date_published":"2026-05-05T18:13:52Z","id":"/briefs/2026-05-inngest-env-leak/","summary":"Inngest TypeScript SDK versions 3.22.0 through 3.53.1 expose environment variables via the serve() handler on unhandled HTTP methods, allowing unauthenticated remote attackers to exfiltrate environment variables from the host process via `PATCH`, `OPTIONS`, or `DELETE` requests to the `serve()` HTTP handler.","title":"Inngest SDK Exposes Environment Variables via Unhandled HTTP Methods","url":"https://feed.craftedsignal.io/briefs/2026-05-inngest-env-leak/"}],"language":"en","title":"CraftedSignal Threat Feed — Vercel","version":"https://jsonfeed.org/version/1.1"}