Vercel — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/products/vercel/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 05 May 2026 18:13:52 +0000Inngest SDK Exposes Environment Variables via Unhandled HTTP Methodshttps://feed.craftedsignal.io/briefs/2026-05-inngest-env-leak/Tue, 05 May 2026 18:13:52 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-inngest-env-leak/Inngest TypeScript SDK versions 3.22.0 through 3.53.1 expose environment variables via the serve() handler on unhandled HTTP methods, allowing unauthenticated remote attackers to exfiltrate environment variables from the host process via `PATCH`, `OPTIONS`, or `DELETE` requests to the `serve()` HTTP handler.A vulnerability exists in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1. This flaw allows unauthenticated remote attackers to extract environment variables from the host process by sending PATCH, OPTIONS, or DELETE requests to the serve() HTTP handler. The vulnerability arises because these HTTP methods are not explicitly handled and fall through to a diagnostic handler that inadvertently exposes the contents of process.env. This exposure includes sensitive information such as secrets, API keys, and credentials. Applications are vulnerable if they use the affected SDK versions and their serve() endpoint is reachable via the aforementioned HTTP methods. The vulnerability was introduced in version 3.22.0 and fixed in 3.54.0. There are no known reports of active exploitation at this time.

Attack Chain

  1. The attacker identifies an Inngest application using a vulnerable SDK version (3.22.0 - 3.53.1).
  2. The attacker determines the application’s serve() endpoint URL.
  3. The attacker sends an HTTP request to the serve() endpoint using the PATCH, OPTIONS, or DELETE method.
  4. The Inngest SDK’s serve() handler, lacking specific handling for these methods, falls through to a generic diagnostic handler.
  5. The diagnostic handler inadvertently includes the contents of process.env in its response.
  6. The attacker receives the HTTP response containing the application’s environment variables.
  7. The attacker extracts sensitive information from the environment variables, such as API keys or credentials.
  8. The attacker uses the extracted credentials to gain unauthorized access to resources or perform malicious actions.

Impact

Successful exploitation of this vulnerability allows an unauthenticated attacker to access sensitive environment variables. This can lead to the exposure of API keys, database credentials, and other secrets, potentially leading to unauthorized access to internal systems, data breaches, or other malicious activities. The number of affected applications depends on the adoption rate of the vulnerable Inngest SDK versions. Sectors utilizing Inngest for background job processing or event-driven architectures are particularly at risk.

Recommendation

  • Upgrade to inngest@3.54.0 or later to patch the vulnerability as mentioned in the overview.
  • Rotate any secrets that were present in environment variables (process.env) within affected environments, including Inngest signing keys and event keys, as described in the remediation steps in the advisory.
  • Search logs for any requests to your serve endpoints using the PATCH, OPTIONS, DELETE HTTP methods to assess if any environment variables may have been exposed, as described in the remediation steps in the advisory.
  • Adjust firewall or proxy rules to only allow requests to your serve endpoint from Inngest IP addresses available at http://inngest.com/ips-v4 and http://inngest.com/ips-v6.
]]>highthreatenvironment-variable-exposureinngestcve-2026-42047