PatchSiren cyber security CVE debrief

CVE-2026-44797 nautobot CVE debrief

Nautobot, a Network Source of Truth and Network Automation Platform, contains a server-side request forgery (SSRF) vulnerability in its Webhook data model. Users with sufficient privileges can configure webhooks whose destination is a restricted internal host or IP address, causing the Nautobot server to issue outbound requests on their behalf. The vulnerability stems from insufficient validation of webhook destination URLs, allowing an attacker to probe internal infrastructure, reach cloud metadata services, or interact with internal APIs. CVSS 8.5 (HIGH) reflects a network attack vector, low attack complexity, low privileges required, and high confidentiality impact with a scope change.

Vendor
nautobot
Product
Nautobot
CVSS
HIGH 8.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-28
Original CVE updated
2026-05-29
Advisory published
2026-05-28
Advisory updated
2026-05-29

Who should care

Organizations running Nautobot for network automation and infrastructure management, particularly those with multi-tenant deployments or users with varying trust levels. Security teams concerned with lateral movement and internal reconnaissance. Network engineers responsible for webhook integrations with internal systems.

Technical summary

The vulnerability exists in Nautobot's Webhook model, which lets authenticated users with the appropriate permissions configure HTTP callbacks that fire on data changes. Prior to the fixed versions, validation of the webhook destination URL did not adequately block requests to internal IP ranges (RFC 1918), link-local addresses, or the cloud metadata endpoints commonly targeted in SSRF attacks. Exploitation requires valid credentials with webhook configuration privileges, but the resulting requests originate from the Nautobot server, so they cross network boundaries and reach infrastructure that is otherwise unreachable from the attacker's position. Any URL filter in this position must be applied to the resolved address, not only the literal host in the URL: a hostname under the attacker's control that resolves to an internal address bypasses a check on the URL string alone. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N) indicates network accessibility, low attack complexity, low privileges required, no user interaction, a scope change affecting other resources, high confidentiality impact, and low integrity impact.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Nautobot to version 2.4.33 or 3.1.2 immediately
  • Audit existing webhook configurations (including disabled ones) for destinations that resolve to internal, loopback, link-local or metadata addresses
  • Implement network segmentation to restrict egress from every host that sends webhooks, the Celery workers as well as the web service, since Nautobot dispatches webhook requests from the worker
  • Review user permissions so that webhook configuration rights follow the principle of least privilege
  • Monitor outbound traffic from Nautobot hosts for connections to internal address space, in particular 169.254.169.254 and other metadata endpoints
  • Deploy URL validation or an egress proxy for webhook destinations if immediate patching is not feasible, validating the resolved address rather than the hostname string
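The following example, added to this debrief and not taken from Nautobot or from the upstream fix commits, shows the destination check that the technical summary and the audit action above describe: it resolves the webhook host, rejects any address in private, loopback, link-local (including the metadata address), CGNAT, multicast or IPv6-equivalent space, unwraps IPv4-mapped IPv6 literals, and runs that check over a list of webhook records. The record field names (name, payload_url, enabled) mirror Nautobot's Webhook API; the resolver table and the sample records are constructed so the script runs offline, and a real audit would feed it the output of GET /api/extras/webhooks/ with the system resolver instead.

```python
"""Offline check for webhook destination URLs that would reach internal
address space.  Example added to this debrief; it is not Nautobot's own
validation code and does not reproduce the upstream fix."""
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Address space a webhook must never be allowed to reach.  Beyond RFC 1918
# this covers loopback, link-local (which includes the cloud metadata
# address 169.254.169.254), CGNAT, multicast and the IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

Resolver = Callable[[str], list[str]]


def system_resolver(host: str) -> list[str]:
    """Resolve a hostname with the system resolver, both address families.
    getaddrinfo also normalises non-canonical IPv4 spellings such as the
    decimal form 2130706433, so those reach the address check too."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def is_blocked_address(addr: str) -> bool:
    """True if the address sits in blocked space.  IPv4-mapped IPv6
    addresses (::ffff:10.0.0.5) are unwrapped first so they cannot be used
    to smuggle an RFC 1918 target past the IPv4 list."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_webhook_url(url: str, resolver: Resolver = system_resolver) -> tuple[bool, str]:
    """Return (allowed, reason) for a webhook destination.

    The hostname is resolved and the URL rejected if *any* returned address
    is internal.  A name that resolves to a public address now can be
    rebound to an internal one later, so production code should also
    connect to the validated address instead of re-resolving at send time.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    try:
        addresses = [str(ipaddress.ip_address(host))]  # IP literal, no DNS lookup
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        return False, f"{host!r} does not resolve"
    for addr in addresses:
        if is_blocked_address(addr):
            return False, f"{host!r} resolves to blocked address {addr}"
    return True, "ok"


def audit_webhooks(webhooks: Iterable[dict], resolver: Resolver = system_resolver) -> list[dict]:
    """Flag webhook records whose payload_url points at internal space.
    Disabled webhooks are reported too: an attacker can re-enable one."""
    findings = []
    for wh in webhooks:
        allowed, reason = check_webhook_url(wh["payload_url"], resolver)
        if not allowed:
            findings.append({"name": wh["name"], "payload_url": wh["payload_url"],
                             "enabled": wh.get("enabled", True), "reason": reason})
    return findings


# Constructed sample data (not real hosts or webhooks): a fake DNS table and
# webhook records shaped like Nautobot's Webhook API output.
FAKE_DNS = {
    "hooks.example.com": ["203.0.113.10"],
    "internal-api.corp.example": ["10.20.30.40"],
    "rebind.example.net": ["203.0.113.11", "169.254.169.254"],
}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


SAMPLE_WEBHOOKS = [
    {"name": "ticketing", "payload_url": "https://hooks.example.com/nautobot", "enabled": True},
    {"name": "metadata-probe", "payload_url": "http://169.254.169.254/latest/meta-data/", "enabled": True},
    {"name": "ipv6-mapped", "payload_url": "http://[::ffff:10.0.0.5]:8080/", "enabled": False},
    {"name": "rebinder", "payload_url": "https://rebind.example.net/cb", "enabled": True},
    {"name": "internal-api", "payload_url": "https://internal-api.corp.example/v1/", "enabled": True},
]

if __name__ == "__main__":
    for f in audit_webhooks(SAMPLE_WEBHOOKS, fake_resolver):
        print(f"{f['name']:15} enabled={f['enabled']!s:5} {f['payload_url']:45} {f['reason']}")
```

Four of the five constructed records are flagged: the metadata literal, the IPv4-mapped IPv6 literal, the name that resolves to both a public and a link-local address, and the name that resolves into RFC 1918 space. Rejecting a name when any of its addresses is internal is the conservative choice for a check that runs at configuration time; the send path still needs to connect to the address it validated, otherwise a later DNS answer decides where the request goes.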

Evidence notes

The CVE description confirms SSRF behavior via webhook destination configuration. CWE-918 (Server-Side Request Forgery) was assigned by GitHub Security Advisories. Fix commits 16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4 and 7324c8f0d8c7245fbc691e15d729adc2d2707d08 address URL validation; releases v2.4.33 and v3.1.2 contain the patches.

Official resources

2026-05-28