PatchSiren

Helicone CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW Helicone CVE published 2026-07-12

CVE-2026-15508

A server-side request forgery vulnerability was found in Helicone ai-gateway up to 0.2.0-beta.30. The vulnerability affects the build_target_url function in ai-gateway/src/dispatcher/service.rs. This function is part of the AWS Metadata Service component. The vulnerability can be exploited remotely by manipulating the extracted_path_and_query argument. The exploit has been published and may be used. The v [truncated]