{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/koel/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["koel (\u003c= 9.3.4)"],"_cs_severities":["high"],"_cs_tags":["ssrf","koel","podcast","cloud"],"_cs_type":"advisory","_cs_vendors":["composer"],"content_html":"\u003cp\u003eKoel, a personal music streaming server, is vulnerable to Server-Side Request Forgery (SSRF) due to a flaw in how podcast episode enclosure URLs are handled. Specifically, while the podcast feed URL itself is validated, the individual episode enclosure URLs extracted from the RSS XML are stored and later used without proper validation. This allows an attacker to host a malicious RSS feed with enclosure URLs pointing to internal resources. When a user plays an episode from this feed, the Koel server attempts to download the full content from the attacker-specified URL, which can be an internal service. The server then streams the response back to the user, effectively granting the attacker full-read SSRF capabilities. This vulnerability affects Koel versions 9.3.4 and earlier. An additional SSRF bypass exists via the AI radio station tool, requiring a Plus license.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker registers an account on the Koel server.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious RSS feed hosted on a public server, containing an episode with an enclosure URL pointing to an internal resource (e.g., AWS metadata endpoint at \u003ccode\u003ehttp://169.254.169.254/latest/meta-data/iam/security-credentials/\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAttacker subscribes to the malicious podcast feed by sending a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003e/api/podcasts\u003c/code\u003e with the \u003ccode\u003eurl\u003c/code\u003e parameter set to the malicious feed URL (e.g., \u003ccode\u003ehttps://evil.com/feed.xml\u003c/code\u003e). This step passes the \u003ccode\u003eSafeUrl\u003c/code\u003e validation, which only checks the feed URL itself.\u003c/li\u003e\n\u003cli\u003eKoel parses the malicious feed and stores the episode with the attacker-controlled \u003ccode\u003epath\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eA user, or the attacker, attempts to play the episode by sending a \u003ccode\u003eGET\u003c/code\u003e request to \u003ccode\u003e/play/{episode_id}\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe server executes \u003ccode\u003eHttp::sink($file)-\u0026gt;get(\u0026quot;http://169.254.169.254/...\u0026quot;)\u003c/code\u003e, attempting to download the full content from the malicious enclosure URL.\u003c/li\u003e\n\u003cli\u003eThe response from the internal resource (e.g., AWS metadata) is downloaded to a temporary file.\u003c/li\u003e\n\u003cli\u003eThe contents of the file are streamed back to the user, enabling the attacker to access sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SSRF vulnerability can lead to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTheft of cloud credentials by reading AWS/GCP/Azure metadata endpoints.\u003c/li\u003e\n\u003cli\u003eInternal network reconnaissance by scanning ports and enumerating internal HTTP services.\u003c/li\u003e\n\u003cli\u003eData exfiltration by reading responses from internal APIs, admin panels, and databases with HTTP interfaces.\u003c/li\u003e\n\u003cli\u003eThe entire response body from the internal service is returned to the attacker, providing more comprehensive access compared to blind SSRF.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Koel SSRF via AWS Metadata Endpoint\u003c/code\u003e to identify attempts to access the AWS metadata endpoint via the podcast enclosure URL.\u003c/li\u003e\n\u003cli\u003eBlock the malicious RSS feed URLs observed in the \u003ccode\u003eiocs\u003c/code\u003e section at the network perimeter.\u003c/li\u003e\n\u003cli\u003eApply the remediation steps outlined in the source to validate episode enclosure URLs in \u003ccode\u003esynchronizeEpisodes()\u003c/code\u003e and add defense-in-depth validation at playback time in \u003ccode\u003eEpisodePlayable::createForEpisode()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eApply \u003ccode\u003eSafeUrl\u003c/code\u003e validation in \u003ccode\u003eAddRadioStation\u003c/code\u003e AI tool to prevent SSRF via the AI assistant.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T19:56:42Z","date_published":"2026-05-29T19:56:42Z","id":"https://feed.craftedsignal.io/briefs/2026-05-koel-ssrf/","summary":"Koel is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of podcast episode enclosure URLs, allowing a remote attacker to inject a malicious URL into the enclosure field of a podcast RSS feed, leading to internal network reconnaissance and potential credential theft; this issue is tracked as CVE-2026-47260.","title":"Koel SSRF Vulnerability via Podcast Episode Enclosure URLs (CVE-2026-47260)","url":"https://feed.craftedsignal.io/briefs/2026-05-koel-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Koel","version":"https://jsonfeed.org/version/1.1"}