CVE-2026-33682 (GCVE-0-2026-33682)

Vulnerability from cvelistv5 – Published: 2026-03-26 21:45 – Updated: 2026-03-27 20:00

Title

Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)

Summary

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\attacker-controlled-host\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0.

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/streamlit/streamlit/security/a…	x_refsource_CONFIRM
	https://github.com/streamlit/streamlit/commit/236…	x_refsource_MISC
	https://github.com/streamlit/streamlit/releases/t…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	streamlit	streamlit	Affected: < 1.54.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33682",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T14:11:13.804113Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T20:00:36.574Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "streamlit",
          "vendor": "streamlit",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.54.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\\\attacker-controlled-host\\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T21:45:05.616Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846"
        },
        {
          "name": "https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76"
        },
        {
          "name": "https://github.com/streamlit/streamlit/releases/tag/1.54.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/streamlit/streamlit/releases/tag/1.54.0"
        }
      ],
      "source": {
        "advisory": "GHSA-7p48-42j8-8846",
        "discovery": "UNKNOWN"
      },
      "title": "Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33682",
    "datePublished": "2026-03-26T21:45:05.616Z",
    "dateReserved": "2026-03-23T16:34:59.931Z",
    "dateUpdated": "2026-03-27T20:00:36.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-33682\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-26T22:16:30.880\",\"lastModified\":\"2026-04-01T13:28:47.470\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\\\\\\\attacker-controlled-host\\\\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0.\"},{\"lang\":\"es\",\"value\":\"Streamlit es un framework de desarrollo de aplicaciones orientado a datos para python. Las versiones de Streamlit Open Source anteriores a la 1.54.0 ejecut\u00e1ndose en hosts Windows tienen una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) no autenticada. La vulnerabilidad surge de una validaci\u00f3n incorrecta de las rutas del sistema de archivos proporcionadas por el atacante. En ciertas rutas de c\u00f3digo, incluyendo dentro del \u0027ComponentRequestHandler\u0027, las rutas del sistema de archivos se resuelven usando \u0027os.path.realpath()\u0027 o \u0027Path.resolve()\u0027 antes de que ocurra una validaci\u00f3n suficiente. En sistemas Windows, proporcionar una ruta UNC maliciosa (por ejemplo, \u0027\\\\\\\\attacker-controlled-host\\\\share\u0027) puede hacer que el servidor de Streamlit inicie conexiones SMB salientes a trav\u00e9s del puerto 445. Cuando Windows intenta autenticarse con el servidor SMB remoto, las credenciales de desaf\u00edo-respuesta NTLMv2 del usuario de Windows que ejecuta el proceso de Streamlit pueden ser transmitidas. Este comportamiento puede permitir a un atacante realizar ataques de retransmisi\u00f3n NTLM contra otros servicios internos y/o identificar hosts SMB accesibles internamente mediante an\u00e1lisis de tiempo. La vulnerabilidad ha sido corregida en la versi\u00f3n 1.54.0 de Streamlit Open Source.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"1.54.0\",\"matchCriteriaId\":\"497DB8B7-82E6-4AB2-8D27-4C1F333C5D24\"}]}]}],\"references\":[{\"url\":\"https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/streamlit/streamlit/releases/tag/1.54.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33682\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-27T14:11:13.804113Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-27T14:11:17.397Z\"}}], \"cna\": {\"title\": \"Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)\", \"source\": {\"advisory\": \"GHSA-7p48-42j8-8846\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"streamlit\", \"product\": \"streamlit\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.54.0\"}]}], \"references\": [{\"url\": \"https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846\", \"name\": \"https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76\", \"name\": \"https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/streamlit/streamlit/releases/tag/1.54.0\", \"name\": \"https://github.com/streamlit/streamlit/releases/tag/1.54.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\\\\\\\attacker-controlled-host\\\\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-26T21:45:05.616Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-33682\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-27T20:00:36.574Z\", \"dateReserved\": \"2026-03-23T16:34:59.931Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-26T21:45:05.616Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-33682

Vulnerability from fkie_nvd - Published: 2026-03-26 22:16 - Updated: 2026-04-01 13:28

Severity ?

4.7 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76	Patch
security-advisories@github.com	https://github.com/streamlit/streamlit/releases/tag/1.54.0	Product, Release Notes
security-advisories@github.com	https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846	Vendor Advisory

Impacted products

	Vendor	Product	Version
	snowflake	streamlit	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "497DB8B7-82E6-4AB2-8D27-4C1F333C5D24",
              "versionEndExcluding": "1.54.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\\\attacker-controlled-host\\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0."
    },
    {
      "lang": "es",
      "value": "Streamlit es un framework de desarrollo de aplicaciones orientado a datos para python. Las versiones de Streamlit Open Source anteriores a la 1.54.0 ejecut\u00e1ndose en hosts Windows tienen una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) no autenticada. La vulnerabilidad surge de una validaci\u00f3n incorrecta de las rutas del sistema de archivos proporcionadas por el atacante. En ciertas rutas de c\u00f3digo, incluyendo dentro del \u0027ComponentRequestHandler\u0027, las rutas del sistema de archivos se resuelven usando \u0027os.path.realpath()\u0027 o \u0027Path.resolve()\u0027 antes de que ocurra una validaci\u00f3n suficiente. En sistemas Windows, proporcionar una ruta UNC maliciosa (por ejemplo, \u0027\\\\attacker-controlled-host\\share\u0027) puede hacer que el servidor de Streamlit inicie conexiones SMB salientes a trav\u00e9s del puerto 445. Cuando Windows intenta autenticarse con el servidor SMB remoto, las credenciales de desaf\u00edo-respuesta NTLMv2 del usuario de Windows que ejecuta el proceso de Streamlit pueden ser transmitidas. Este comportamiento puede permitir a un atacante realizar ataques de retransmisi\u00f3n NTLM contra otros servicios internos y/o identificar hosts SMB accesibles internamente mediante an\u00e1lisis de tiempo. La vulnerabilidad ha sido corregida en la versi\u00f3n 1.54.0 de Streamlit Open Source."
    }
  ],
  "id": "CVE-2026-33682",
  "lastModified": "2026-04-01T13:28:47.470",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-26T22:16:30.880",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/streamlit/streamlit/releases/tag/1.54.0"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-7P48-42J8-8846

Vulnerability from github – Published: 2026-03-25 21:20 – Updated: 2026-03-27 21:36

Summary

Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)

Details

Streamlit Open Source Security Advisory

1. Impacted Products

Streamlit Open Source versions prior to 1.54.0 running on Windows hosts.

2. Introduction

Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of filesystem paths within component request handling. The vulnerability was reported through the responsible disclosure program and has been remediated in Streamlit Open Source version 1.54.0. This issue affects only Streamlit deployments running on Windows operating systems.

3. Server-Side Request Forgery (SSRF) and NTLM Credential Exposure

3.1 Description

Streamlit was informed by a security researcher of an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the ComponentRequestHandler, filesystem paths are resolved using os.path.realpath() or Path.resolve() before sufficient validation occurs.

On Windows systems, supplying a malicious UNC path (e.g., \\attacker-controlled-host\share) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted.

This behavior may allow an attacker to:

Perform NTLM relay attacks against other internal services
Identify internally reachable SMB hosts via timing analysis

Note: The issue is unauthenticated and does not require user interaction.

Captured NTLMv2 challenge-response hashes could be subjected to offline brute-force attacks in an attempt to recover the associated plaintext account password. While NTLMv2 incorporates a server challenge (nonce) that mitigates the use of precomputed rainbow tables, it does not prevent targeted offline password cracking against weak credentials.

Additionally, Microsoft has publicly discouraged the continued use of NTLM in favor of Kerberos and is actively progressing toward disabling NTLM by default in future Windows releases. Organizations that enforce NTLM restrictions, disable outbound NTLM authentication, require SMB signing, or block NTLM authentication to remote servers can reduce or eliminate the risk associated with credential relay or hash exposure scenarios.

As NTLM is considered legacy and increasingly deprecated (though not fully sunset), environments that have already implemented Microsoft-recommended NTLM hardening controls are less likely to be materially impacted. The overall risk therefore depends on the organization's authentication configuration and network security posture.

3.2 Scenarios and Attack Vectors

Streamlit applications running on Windows were vulnerable if component endpoints were exposed to untrusted networks. By appending an attacker-controlled SMB hostname to the URI path and issuing a GET request, the Streamlit server could be coerced into initiating an outbound SMB authentication attempt.

This could result in the leakage of NTLMv2 credential hashes for the Windows account running the Streamlit process.

3.3 Resolution

The vulnerability has been fixed in Streamlit Open Source version 1.54.0.
It is recommended that all Streamlit deployments on Windows be upgraded immediately to version 1.54.0 or later.

4. Contact

Please contact security@snowflake.com for any questions regarding this advisory.

If a security vulnerability is discovered in a Streamlit product or website, it should be reported through the responsible disclosure program. For more information, see the Vulnerability Disclosure Policy.

Severity ?

4.7 (Medium)


                  
                    CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Streamlit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.54.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33682"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-25T21:20:52Z",
    "nvd_published_at": "2026-03-26T22:16:30Z",
    "severity": "MODERATE"
  },
  "details": "# Streamlit Open Source Security Advisory\n\n## 1. Impacted Products\n\nStreamlit Open Source versions prior to 1.54.0 running on Windows hosts.\n\n## 2. Introduction\n\nSnowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of filesystem paths within component request handling. The vulnerability was reported through the responsible disclosure program and has been remediated in Streamlit Open Source version 1.54.0. This issue affects only Streamlit deployments running on Windows operating systems.\n\n## 3. Server-Side Request Forgery (SSRF) and NTLM Credential Exposure\n\n### 3.1 Description\n\nStreamlit was informed by a security researcher of an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs.\n\nOn Windows systems, supplying a malicious UNC path (e.g., `\\\\attacker-controlled-host\\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted.\n\nThis behavior may allow an attacker to:\n\n- Perform NTLM relay attacks against other internal services\n- Identify internally reachable SMB hosts via timing analysis\n\n\u003e **Note:** The issue is unauthenticated and does not require user interaction.\n\nCaptured NTLMv2 challenge-response hashes could be subjected to offline brute-force attacks in an attempt to recover the associated plaintext account password. While NTLMv2 incorporates a server challenge (nonce) that mitigates the use of precomputed rainbow tables, it does not prevent targeted offline password cracking against weak credentials.\n\nAdditionally, Microsoft has publicly discouraged the continued use of NTLM in favor of Kerberos and is actively progressing toward disabling NTLM by default in future Windows releases. Organizations that enforce NTLM restrictions, disable outbound NTLM authentication, require SMB signing, or block NTLM authentication to remote servers can reduce or eliminate the risk associated with credential relay or hash exposure scenarios.\n\nAs NTLM is considered legacy and increasingly deprecated (though not fully sunset), environments that have already implemented Microsoft-recommended NTLM hardening controls are less likely to be materially impacted. The overall risk therefore depends on the organization\u0027s authentication configuration and network security posture.\n\n### 3.2 Scenarios and Attack Vectors\n\nStreamlit applications running on Windows were vulnerable if component endpoints were exposed to untrusted networks. By appending an attacker-controlled SMB hostname to the URI path and issuing a GET request, the Streamlit server could be coerced into initiating an outbound SMB authentication attempt.\n\nThis could result in the leakage of NTLMv2 credential hashes for the Windows account running the Streamlit process.\n\n### 3.3 Resolution\n\n- The vulnerability has been fixed in Streamlit Open Source version 1.54.0.\n- It is recommended that all Streamlit deployments on Windows be upgraded immediately to version 1.54.0 or later.\n\n## 4. Contact\n\nPlease contact [security@snowflake.com](mailto:security@snowflake.com) for any questions regarding this advisory.\n\nIf a security vulnerability is discovered in a Streamlit product or website, it should be reported through the responsible disclosure program. For more information, see the [Vulnerability Disclosure Policy](https://hackerone.com/snowflake).",
  "id": "GHSA-7p48-42j8-8846",
  "modified": "2026-03-27T21:36:34Z",
  "published": "2026-03-25T21:20:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33682"
    },
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/streamlit/streamlit"
    },
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/releases/tag/1.54.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-33682 (GCVE-0-2026-33682)

FKIE_CVE-2026-33682

GHSA-7P48-42J8-8846

Streamlit Open Source Security Advisory

1. Impacted Products

2. Introduction

3. Server-Side Request Forgery (SSRF) and NTLM Credential Exposure

3.1 Description

3.2 Scenarios and Attack Vectors

3.3 Resolution

4. Contact

Tags

Sightings

Nomenclature