Bugsink’s webhook URL validation in versions 2.1.2 and earlier could be (partially) bypassed because of a mismatch in URL parsing.
In some malformed URLs, Python’s standard URL parser (urllib) and the HTTP client stack (requests / urllib3) do not agree on which host is actually being targeted. That could allow a webhook URL to pass Bugsink’s outbound-host checks while the actual HTTP request is sent somewhere else.
This issue affects Bugsink’s outbound webhook integrations.
An attacker who can supply or influence a webhook URL may be able to make Bugsink send an outbound HTTP POST request to a host that should have been blocked by the webhook validation logic, including loopback, private, or otherwise non-allowlisted destinations.
The practical impact is limited:
In other words, this is a real validation bypass, but it is narrower than a full arbitrary-request primitive.
The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post.
For malformed inputs involving backslashes and @, those components can disagree about where the authority ends and which hostname is the real target. A URL may therefore appear to target an allowlisted public hostname during validation, while the HTTP client actually connects to a different host.
The fix has two parts:
Together, these changes remove the parser discrepancy and make webhook URL handling stricter and more predictable.
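A stricter validator in the spirit of the fix described above, added here as an example rather than Bugsink's own code. The allowlisted host `hooks.example.com` and the function names are constructed for the example. It contrasts the pre-fix approach (`naive_hostname()`, which simply trusts `urlparse().hostname`) with a validator that rejects backslashes, `@` and control characters before parsing, requires the authority to be exactly `host[:port]`, refuses loopback and other non-public IP literals, and enforces the allowlist.

```python
import ipaddress
import re
from urllib.parse import urlparse, urlsplit

# Constructed allowlist for this example; a real deployment loads its own.
ALLOWED_HOSTS = {"hooks.example.com"}
# A DNS name: dot-separated labels of letters/digits/hyphens, no edge hyphens.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def naive_hostname(url):
    # Pre-fix style check: trust whatever urlparse() reports as the hostname.
    return urlparse(url).hostname

def validate_webhook_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return the validated hostname, or raise ValueError with the reason."""
    # Characters that make URL parsers disagree are rejected before any parsing.
    if "\\" in url or "@" in url or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        raise ValueError("backslash, '@', whitespace and control characters are forbidden")
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        raise ValueError("scheme must be http or https and a host must be present")
    port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    # The authority must be exactly host[:port]: no userinfo, no leftovers.
    expected = f"[{host}]" if ":" in host else host
    if port is not None:
        expected += f":{port}"
    if parts.netloc.lower() != expected:
        raise ValueError("unexpected characters in URL authority")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name rather than an IP literal
    if ip is not None and not ip.is_global:
        raise ValueError(f"{host} is loopback, private or otherwise non-public")
    if ip is None and not HOST_RE.fullmatch(host):
        raise ValueError(f"{host!r} is not a well-formed hostname")
    if host not in allowed_hosts:
        raise ValueError(f"{host} is not an allowlisted webhook host")
    return host

def is_allowed_webhook_url(url):
    """True only if validate_webhook_url() accepts the URL."""
    try:
        validate_webhook_url(url)
    except ValueError:
        return False
    return True
```

Validating the hostname is only half of the defence: the HTTP client must then connect to that same host, so keep the validator's rejection of parser-confusing characters in place rather than relying on host comparison alone.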
If users cannot upgrade immediately:
| Score | Percentile |
|---|---|
| 0.03% | 8.45% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 4.3 | 3.1 | — | — |
| Type | Value |
|---|---|
| GHSA | GHSA-fp53-qcf8-2xx2 |
| CVE | CVE-2026-44502 |
| CWE id | Name |
|---|---|
| CWE-918 | Server-Side Request Forgery (SSRF) |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| pip | bugsink | <= 2.1.2 | 2.1.3 | — |