## Critical SSRF Vulnerability in Webhook Engine Poses Tenant Isolation Risk Ahead of Customer Pilot
An architecture review has flagged a critical Server-Side Request Forgery (SSRF) vulnerability in the platform's automation engine that could expose internal infrastructure to a malicious or compromised tenant. The flaw resides in the webhook action type, which lets customers configure POST requests to arbitrary URLs. Security auditors warn that such a tenant could target internal services, including the AWS metadata endpoint, private network resources, or other tenants' isolated environments.

The vulnerability represents a direct breach of data isolation guarantees that are supposed to separate tenant workloads in a multi-tenant architecture. Acceptance criteria laid out in the GitHub issue specify that outbound webhooks must block requests to RFC 1918 private ranges (10/8, 172.16/12, 192.168/16), loopback addresses (127/8, ::1), link-local addresses (169.254/16), and the platform's own private IP ranges. Additionally, the criteria require DNS rebinding protection that enforces blocks after DNS resolution, not merely at URL input. All blocked attempts must be logged with tenant ID, target URL, and block reason.
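A sketch of an egress check that meets these criteria, added here as an illustration and not taken from the platform's code. The names `vet_webhook`, `BlockedDestination` and the injectable `resolver`, and the `100.64.0.0/10` stand-in for the platform's own ranges, are assumptions.

```python
import ipaddress
import logging
import socket
from urllib.parse import urlsplit

log = logging.getLogger("webhook.egress")

# Ranges listed in the acceptance criteria; the last entry is a placeholder.
BLOCKED = {
    "rfc1918-private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "link-local": ["169.254.0.0/16"],
    "platform-private": ["100.64.0.0/10"],  # assumed: substitute the platform's real ranges
}
NETS = [(why, ipaddress.ip_network(c)) for why, cs in BLOCKED.items() for c in cs]

class BlockedDestination(Exception):
    """Raised when a webhook target must not be contacted; args[0] is the reason."""

def block_reason(addr):
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:  # ::ffff:127.0.0.1 is still loopback
        ip = ip.ipv4_mapped
    return next((why for why, net in NETS if ip.version == net.version and ip in net), None)

def system_resolver(host, port):
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def vet_webhook(tenant_id, url, resolver=system_resolver):
    """Return the vetted IPs to connect to, or log and raise BlockedDestination."""
    reason = None
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            reason = "invalid-url"
    except ValueError:  # malformed IPv6 literal or out-of-range port
        reason = "invalid-url"
    # Check every resolved address, not the hostname string: one bad record blocks the call.
    addrs = [] if reason else resolver(parts.hostname, port)
    for addr in addrs:
        reason = reason or block_reason(addr)
    reason = reason or (None if addrs else "no-address")
    if reason:
        log.warning("webhook blocked tenant=%s url=%r reason=%s", tenant_id, url, reason)
        raise BlockedDestination(reason)
    return addrs  # the sender must connect to these IPs and must not resolve the name again
```

The rebinding protection depends on the sender connecting to the returned addresses directly; a second DNS lookup at send time would reopen the gap between check and use.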

The security gaps have been explicitly tied to Phase 2 pilot customer onboarding timelines. According to the issue, items 1–2 must be resolved before any customer onboarding begins. Item 3, addressing PII handling deficiencies, is flagged as a prerequisite for sector-specific compliance work. The disclosure underscores broader concerns about the maturity of tenant isolation controls in systems preparing for production workloads, particularly those handling sensitive data or operating in regulated industries.

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: ssrf, vulnerability, data isolation, tenant security, webhook
- **Credibility**: unverified
- **Published**: 2026-05-13 11:48:30
- **ID**: 82581
- **URL**: https://whisperx.ai/en/intel/82581