CVE-2026-40072 | Ethereum web3.py up to 7.14.x/8.0.0b1 Backend Service eth_call/call offchain_lookup_payload[“urls”] server-side request forgery

Inserito da Angelo Barbosa | Apr 9, 2026 | CVE

A vulnerability categorized as critical has been discovered in Ethereum web3.py up to 7.14.x/8.0.0b1. This affects the function eth_call/call of the component Backend Service. Executing a manipulation of the argument offchain_lookup_payload[“urls”] can lead to server-side request forgery.

The identification of this vulnerability is CVE-2026-40072. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-40072 | Ethereum web3.py up to 7.14.x/8.0.0b1 Backend Service eth_call/call offchain_lookup_payload[“urls”] server-side request forgery

Post correlati

CVE-2024-21473 | Qualcomm Snapdragon File Name memory corruption

CVE-2024-23613 | Symantec Deployment Solution 7.9 UpdateComputer Token Parser buffer overflow

CVE-2024-49649 | Abdul Hakeem Build App Online Plugin up to 1.0.23 on WordPress Include/Require filename control

CVE-2022-4003 | Motorola Q14 Mesh Router prior 1.5.0.16 API Request resource consumption