CVE-2026-25991
📋 TL;DR
CVE-2026-25991 is a Blind Server-Side Request Forgery (SSRF) vulnerability in Tandoor Recipes that allows authenticated users to make the server connect to arbitrary internal or external resources. The vulnerability exists in the Cookmate recipe import feature where URL validation fails after HTTP redirects. All authenticated users, including standard non-admin accounts, can exploit this to scan internal networks or access sensitive metadata services.
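The root cause described above is validating only the URL the user submits while the HTTP client silently follows redirects to wherever the first server points. The following is an added example (not code from Tandoor Recipes or from the advisory) of a defensive fetch routine that follows redirects by hand and re-validates scheme, hostname and every resolved address at each hop. All hostnames, addresses and HTTP responses in it are constructed stand-ins so it runs offline; `fetch_with_checked_redirects` and the fake resolver/request callables are this example's own names.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Hostnames that must never be fetched, whatever they resolve to.
BLOCKED_HOSTNAMES = {"metadata.google.internal", "localhost"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def resolve_host(hostname):
    """Default resolver: every address (IPv4 and IPv6) the name resolves to."""
    return [info[4][0] for info in socket.getaddrinfo(hostname, None)]


def address_is_blocked(text):
    """True for anything that is not a globally routable unicast address."""
    ip = ipaddress.ip_address(text)
    # An IPv4-mapped IPv6 literal such as ::ffff:169.254.169.254 is judged as its IPv4 form.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global) or ip.is_multicast


def is_safe_target(url, resolver=resolve_host):
    """Validate scheme, hostname and every resolved address of ONE url."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    host = parsed.hostname.lower()
    if host in BLOCKED_HOSTNAMES:
        return False
    try:
        ipaddress.ip_address(host)      # literal IP in the URL
        addresses = [host]
    except ValueError:
        try:
            addresses = resolver(host)  # DNS name: check everything it resolves to
        except OSError:
            return False
    return not any(address_is_blocked(a) for a in addresses)


def fetch_with_checked_redirects(url, do_request, resolver=resolve_host, max_redirects=5):
    """Follow redirects manually so every hop is validated, not only the submitted URL.

    do_request(url) -> (status, headers, body); headers is a dict with lowercase keys.
    Returns ("ok", final_url, body), ("blocked", offending_url) or ("too_many_redirects", url).
    """
    for _ in range(max_redirects + 1):
        if not is_safe_target(url, resolver):
            return ("blocked", url)
        status, headers, body = do_request(url)
        if status in REDIRECT_STATUSES and "location" in headers:
            url = urljoin(url, headers["location"])  # relative Location headers are resolved too
            continue
        return ("ok", url, body)
    return ("too_many_redirects", url)


# Constructed, offline stand-ins for DNS and HTTP (all names, addresses and bodies are made up).
FAKE_DNS = {
    "recipes.example.com": ["93.184.216.34"],
    "cdn.example.net": ["104.16.1.1"],
    "metadata.google.internal": ["169.254.169.254"],
    "rebind.example.org": ["104.16.1.1", "10.0.0.5"],  # one public and one internal answer
}
FAKE_HTTP = {
    "http://recipes.example.com/share/1": (302, {"location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://recipes.example.com/share/2": (301, {"location": "https://cdn.example.net/recipe.json"}, b""),
    "https://cdn.example.net/recipe.json": (200, {}, b'{"name": "Pancakes"}'),
    "http://169.254.169.254/latest/meta-data/": (200, {}, b"MUST NOT BE REACHED"),
}


def fake_resolve(hostname):
    if hostname not in FAKE_DNS:
        raise OSError("NXDOMAIN (constructed)")
    return FAKE_DNS[hostname]


def fake_request(url):
    return FAKE_HTTP[url]


def demo():
    """A benign redirect succeeds; a redirect into the metadata range is stopped at the second hop."""
    return {
        "benign": fetch_with_checked_redirects("http://recipes.example.com/share/2", fake_request, fake_resolve),
        "to_metadata": fetch_with_checked_redirects("http://recipes.example.com/share/1", fake_request, fake_resolve),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Two design points matter here. First, a name that resolves to several addresses is rejected if any one of them is internal, since the client cannot control which answer the connection will use. Second, resolving in the validator and then connecting in the HTTP client is still two separate lookups, so a production guard should also pin the checked address at connect time (or validate inside the transport) to close the DNS-rebinding window this example leaves open.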
💻 Affected Systems
- Tandoor Recipes
📦 What is this software?
Recipes by Tandoor
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access cloud metadata services (AWS/GCP) to obtain credentials, scan internal network services to map infrastructure, or perform internal service attacks through the vulnerable server.
Likely Case
Internal network reconnaissance, accessing internal services not exposed externally, and potentially obtaining server metadata or internal IP addresses.
If Mitigated
Limited to authenticated user access only, with network segmentation preventing access to critical internal resources.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once authenticated. The vulnerability is well-documented in the security advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.5.1
Vendor Advisory: https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-j6xg-85mh-qqf7
Restart Required: Yes
Instructions:
1. Backup your Tandoor Recipes database and configuration.
2. Update to version 2.5.1 or later using your deployment method (Docker, manual install, etc.).
3. Restart the Tandoor Recipes service.
4. Verify the update was successful.
🔧 Temporary Workarounds
Disable Cookmate Integration
Temporarily disable the vulnerable Cookmate recipe import feature
# Edit Tandoor configuration to disable Cookmate integration
# Check your deployment method for configuration options
Network Segmentation
Restrict outbound network access from the Tandoor server to prevent SSRF attacks
# Configure firewall rules to block outbound connections from Tandoor server
# Example: iptables -A OUTPUT -p tcp -m owner --uid-owner tandoor -j DROP
🧯 If You Can't Patch
- Restrict user account creation and limit authenticated user access to trusted individuals only
- Implement network controls to block the Tandoor server from accessing internal metadata services (169.254.169.254 for AWS, metadata.google.internal for GCP) and sensitive internal networks
🔍 How to Verify
Check if Vulnerable:
Check if Tandoor Recipes version is below 2.5.1. Review application logs for unusual outbound HTTP requests from the Cookmate integration.
Check Version:
# For Docker:
docker exec <container_name> python -c "import recipes; print(recipes.__version__)"
# For manual install: check the version in the web interface or configuration files
Verify Fix Applied:
Confirm version is 2.5.1 or higher. Test Cookmate import feature with redirect URLs to ensure they are properly validated.
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from Tandoor server
- Cookmate integration requests to internal IP addresses or metadata services
- Multiple failed import attempts with unusual URLs
Network Indicators:
- Outbound connections from Tandoor server to internal network ranges
- Requests to cloud metadata endpoints (169.254.169.254, metadata.google.internal)
- Port scanning patterns originating from Tandoor server
SIEM Query:
source="tandoor-logs" AND (url CONTAINS "169.254.169.254" OR url CONTAINS "metadata.google.internal" OR url MATCHES "10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.")
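As an added example (not part of the advisory or of any SIEM product), the following runs the intent of the query above over constructed Cookmate import log lines in two ways: with the page's substring pattern reused verbatim, and with address parsing. The log format, user names and URLs are assumptions made for the demonstration. The comparison shows why the unanchored `10\.` alternative deserves a second look: it also matches addresses such as `110.x.x.x`, which the address-based check correctly leaves alone.

```python
import ipaddress
import re
from urllib.parse import urlparse

# The page's SIEM pattern, reused as-is. It is a substring match, so "10\." also hits "110.x" or "210.x".
PAGE_PATTERN = re.compile(r"10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.")
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal"}
URL_FIELD = re.compile(r"url=(\S+)")

# Constructed sample log lines (the field layout is assumed, not Tandoor's real format).
SAMPLE_LOGS = [
    "2026-02-11T09:15:01Z INFO cookmate.import user=alice url=https://cookmate.example.net/recipe/42 status=200",
    "2026-02-11T09:16:44Z INFO cookmate.import user=bob url=http://169.254.169.254/latest/meta-data/iam/ status=200",
    "2026-02-11T09:17:02Z WARN cookmate.import user=bob url=http://metadata.google.internal/computeMetadata/v1/ status=403",
    "2026-02-11T09:18:19Z WARN cookmate.import user=carol url=http://10.0.3.7:8500/v1/catalog/services status=500",
    "2026-02-11T09:19:55Z INFO cookmate.import user=dave url=http://110.20.30.40/menu.json status=200",
    "2026-02-11T09:21:08Z WARN cookmate.import user=erin url=http://172.20.0.1/ status=500",
]


def url_of(line):
    """Extract the url= field from one log line, or None if absent."""
    m = URL_FIELD.search(line)
    return m.group(1) if m else None


def target_is_internal(url):
    """True for the metadata hostnames and for any literal address that is not globally routable."""
    host = urlparse(url).hostname
    if not host:
        return False
    if host in METADATA_HOSTS:
        return True
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # a DNS name: it cannot be judged from the log line alone


def flag_with_page_pattern(lines):
    """Apply the page's query logic (metadata substrings OR the prefix regex) to the url field."""
    flagged = []
    for line in lines:
        url = url_of(line)
        if url and (any(h in url for h in METADATA_HOSTS) or PAGE_PATTERN.search(url)):
            flagged.append(line)
    return flagged


def flag_with_address_parsing(lines):
    """Classify the url field's host as an address instead of matching substrings."""
    return [line for line in lines if url_of(line) and target_is_internal(url_of(line))]


def false_positives():
    """Lines the substring pattern flags that the address-based check does not."""
    strict = set(flag_with_address_parsing(SAMPLE_LOGS))
    return [line for line in flag_with_page_pattern(SAMPLE_LOGS) if line not in strict]


if __name__ == "__main__":
    for line in flag_with_address_parsing(SAMPLE_LOGS):
        print("FLAG", line)
    for line in false_positives():
        print("PATTERN-ONLY", line)
```

Both approaches only see what was logged; if the import feature logs the submitted URL but not the redirect target it actually connected to, neither query will catch a redirect-based request, which is why the network indicators listed above (egress to metadata endpoints and internal ranges from the Tandoor host) are the more reliable signal for this bug.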