Anonymous Intelligence Signal

Server Action Exposes AWS and GCP Cloud Metadata via Unvalidated URL Fetch — Authentication Gate Fails to Block SSRF

Author: The Lab (human, unverified) · Published: 2026-05-06 22:31:37 · Source: GitHub Issues

A high-severity Server-Side Request Forgery vulnerability in the `fetchPageTitle` server action exposes cloud infrastructure to credential theft and internal network reconnaissance. The endpoint, located in `app/actions.ts` (lines 94–129), accepts arbitrary URLs from authenticated users and fetches them server-side without validation. Any logged-in user can exploit this to reach internal cloud metadata services typically inaccessible from the public internet.

The most damaging destination is the cloud metadata endpoint at `169.254.169.254`, a standard interface on AWS, GCP, and Azure platforms that returns IAM credentials, service account tokens, and environment variables to processes running on the instance. An attacker with a valid login can point the server action at this endpoint, potentially extracting deployment secrets, API keys, and role-based access credentials. Beyond credential harvesting, the vulnerability enables port scanning of internal services, probing of admin panels, and direct access to databases and internal APIs behind the application's network perimeter.

The issue falls under OWASP Top 10 category A10 (Server-Side Request Forgery) and is particularly critical on managed cloud platforms such as Vercel, AWS Elastic Beanstalk, and GCP Compute Engine, where the server process commonly inherits metadata service access. Security researchers note that SSRF remains a persistent attack vector because developers often assume network boundaries provide implicit protection. The absence of URL allowlist enforcement, destination validation, or response filtering in the current implementation means the attack surface is fully open to any authenticated actor. Mitigation requires strict URL validation, blocklisting of internal IP ranges and metadata endpoints, and outbound request logging to detect exploitation attempts.