CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-12566: Server-Side Request Forgery (SSRF) in Black Lantern Security BBOT docker_pull Module

Vulnerability ID: CVE-2026-12566
CVSS Score: 3.1
Published: 2026-06-18

A Server-Side Request Forgery (SSRF) vulnerability exists in the docker_pull module of Black Lantern Security BBOT. By returning a maliciously crafted WWW-Authenticate header from a rogue Docker registry or executing a Man-in-the-Middle (MitM) attack, an attacker can coerce the BBOT scanner into making arbitrary HTTP requests to internal system services or external infrastructure, potentially disclosing sensitive authorization tokens and host metadata.

TL;DR

Black Lantern Security BBOT's docker_pull module blindly parses and requests the realm URL from a Docker registry's WWW-Authenticate header, leading to Server-Side Request Forgery (SSRF) and potential credential exposure.


Technical Details

  • CWE ID: CWE-918
  • Attack Vector: Network
  • CVSS v3.1 Score: 3.1 (Low)
  • EPSS Score: 0.00167
  • Impact: Low-severity information disclosure and Server-Side Request Forgery
  • Exploit Status: None
  • KEV Status: Not Listed

Affected Systems

  • Black Lantern Security BBOT (docker_pull module)
  • BBOT: >= 2.0.0, <= 2.8.4 (Fixed in: 2.8.5)

Code Analysis

Commit: c2f4bc0

Introduced structured header parsing and registered domain verification for the WWW-Authenticate realm URL in the docker_pull module.
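The hardening described above, as an added example that is not BBOT's own code or the code from commit c2f4bc0: a small parser for the Bearer challenge in a registry's WWW-Authenticate header, followed by a check that the realm URL is HTTPS, is not a loopback, link-local or otherwise non-global address, and shares a registered domain with the registry the scanner was already talking to. The registered-domain check is a deliberate simplification (last two DNS labels rather than a public-suffix-list lookup), and the policy choices (rejecting non-HTTPS realms, allowing IP-literal realms only when they are global and identical to the registry host) are this example's assumptions, not necessarily the project's.

```python
import ipaddress
import re
from urllib.parse import urlparse

# key="quoted value" or key=token, as used in RFC 6750 Bearer challenges.
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')


def parse_bearer_challenge(header: str) -> dict:
    """Parse 'Bearer realm="...",service="...",scope="..."' into a dict.

    Returns an empty dict for any scheme other than Bearer, so the caller
    never treats a Basic/Digest challenge as a token endpoint.
    """
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return {}
    return {
        key.lower(): (quoted if quoted else token)
        for key, quoted, token in _PARAM_RE.findall(params)
    }


def registered_domain(host: str) -> str:
    """Approximate eTLD+1 as the last two labels of the host name.

    Assumption/simplification: a production check should consult the
    public suffix list so that 'foo.co.uk' and 'bar.co.uk' do not match.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def realm_is_safe(realm: str, registry_host: str) -> bool:
    """Decide whether the realm URL from a challenge may be requested.

    The unfixed behaviour was to request whatever realm the registry (or a
    MitM) supplied; this rejects plaintext schemes, private/loopback/
    link-local/metadata addresses, and hosts outside the registry's domain.
    """
    parsed = urlparse(realm)
    if parsed.scheme != "https" or not parsed.hostname:
        return False
    host = parsed.hostname.lower()

    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # Literal addresses: only a globally routable address that is the
        # registry itself is accepted (example policy, not BBOT's).
        return ip.is_global and host == registry_host.lower()

    if host == "localhost" or host.endswith(".localhost"):
        return False
    return registered_domain(host) == registered_domain(registry_host)


def select_token_endpoint(header: str, registry_host: str):
    """Return the realm to request for a token, or None if it must be refused."""
    params = parse_bearer_challenge(header)
    realm = params.get("realm")
    if not realm or not realm_is_safe(realm, registry_host):
        return None
    return realm


if __name__ == "__main__":
    # Constructed sample challenges: one legitimate, one pointing at a
    # cloud metadata address, one pointing at an unrelated host.
    registry = "registry-1.docker.io"
    samples = [
        'Bearer realm="https://auth.docker.io/token",service="registry.docker.io"',
        'Bearer realm="https://169.254.169.254/latest/meta-data/",service="x"',
        'Bearer realm="https://attacker.example/token",service="x"',
    ]
    for challenge in samples:
        print(select_token_endpoint(challenge, registry), "<-", challenge)
```

The check runs before any outbound request is made, so a rogue registry or an in-path attacker can at most make the scanner refuse to authenticate, rather than redirect it at internal services.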

Mitigation Strategies

  • Upgrade BBOT to version 2.8.5 or higher.
  • Enforce network segmentation and firewall rules to block scanner egress traffic to private IP addresses (RFC 1918).
  • Enforce IMDSv2 with a hop limit of 1 on cloud instances executing active scanning utilities.
  • Implement a forwarding proxy configured to reject connection requests targeting local or loopback interfaces.

Remediation Steps:

  1. Identify all running BBOT deployments and check their current versions.
  2. Upgrade with the package manager (pip install --upgrade bbot) or, for container deployments, pull an image tag of 2.8.5 or later.
  3. Review the outgoing network security groups of scanning hosts and restrict outbound routing strictly to public IP spaces.

Read the full report for CVE-2026-12566 on our website for more details including interactive diagrams and full exploit analysis.