Skip to main content

Canonical CVE-2026-35409

| EUVDEUVD-2026-19517 HIGH
Improper Input Validation (CWE-20)
2026-04-04 https://github.com/directus/directus GHSA-wv3h-5fx7-966h
7.7
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.7 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Re-analysis Queued
Apr 20, 2026 - 16:52 vuln.today
cvss_changed
Patch released
Apr 04, 2026 - 08:30 nvd
Patch available
EUVD ID Assigned
Apr 04, 2026 - 06:15 euvd
EUVD-2026-19517
Analysis Generated
Apr 04, 2026 - 06:15 vuln.today
CVE Published
Apr 04, 2026 - 06:10 nvd
HIGH 7.7

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 2 npm packages depend on directus (1 direct, 1 indirect)

Ecosystem-wide dependent count for version 11.16.0.

DescriptionGitHub Advisory

Summary

A Server-Side Request Forgery (SSRF) protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be circumvented using IPv4-Mapped IPv6 address notation.

Details

Directus implements an IP deny-list to prevent server-side requests to internal/private network ranges. The validation logic failed to normalize IPv4-Mapped IPv6 addresses (e.g., the IPv6 representation of 127.0.0.1) before checking them against the deny-list. Because the deny-list check did not recognize these mapped addresses as equivalent to their IPv4 counterparts, an attacker could bypass the restriction while the underlying HTTP client and operating system still resolved and connected to the intended private target.

This has been fixed by adding a normalization step that converts IPv4-Mapped IPv6 addresses to their canonical IPv4 form prior to validation.

Impact

An authenticated user (or an unauthenticated user if public file-import permissions are enabled) could exploit this bypass to perform SSRF attacks against internal services on the same host (databases, caches, internal APIs) or cloud instance metadata endpoints (e.g., AWS/GCP/Azure IMDS).

AnalysisAI

Server-Side Request Forgery (SSRF) in Directus headless CMS allows authenticated attackers (or unauthenticated users with public file-import permissions) to bypass IP address deny-list protections and access internal network resources. Attackers exploit IPv4-Mapped IPv6 address notation (e.g., ::ffff:127.0.0.1) to circumvent validation logic, enabling unauthorized requests to localhost services, internal databases, caches, APIs, and cloud instance metadata endpoints (AWS/GCP/Azure IMDS). With CVSS 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) indicating low attack complexity, network accessibility, and scope change with high confidentiality impact, this represents a significant risk for data exfiltration from cloud environments and internal infrastructure. No public exploit identified at time of analysis, though the technical details in the advisory provide clear exploitation guidance.

Technical ContextAI

Directus is a popular open-source headless CMS built on Node.js (pkg:npm/directus). This vulnerability stems from improper input validation (CWE-20) in the IP address filtering mechanism designed to prevent SSRF attacks. The system maintains a deny-list of private and internal IP ranges to block server-side requests to sensitive targets. However, the validation logic failed to normalize IPv4-Mapped IPv6 addresses before comparison. IPv4-Mapped IPv6 addresses use the format ::ffff:xxx.xxx.xxx.xxx to represent IPv4 addresses within the IPv6 address space. When an attacker submits a request using this notation (e.g., ::ffff:127.0.0.1 instead of 127.0.0.1), the deny-list check does not recognize the equivalence to the blocked IPv4 address. The underlying Node.js HTTP client and operating system networking stack, however, correctly resolve and connect to the IPv4 target, allowing the SSRF attack to succeed. The fix implements address normalization that converts IPv4-Mapped IPv6 addresses to canonical IPv4 format before deny-list validation, ensuring consistent enforcement across address representations.

RemediationAI

Update Directus to the latest patched version as specified in the GitHub security advisory at github.com/directus/directus/security/advisories/GHSA-wv3h-5fx7-966h. The fix implements normalization of IPv4-Mapped IPv6 addresses to canonical IPv4 format before IP deny-list validation. Organizations should verify their current Directus version against the advisory and upgrade immediately if running an affected version. As an interim mitigation, restrict file-import functionality to trusted authenticated users only and disable public file-import permissions if enabled. Network-level controls such as egress filtering from the Directus server to prevent outbound connections to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, and link-local ranges) can provide defense-in-depth. For cloud deployments, implement IMDSv2 (which requires PUT request headers) on AWS EC2 instances to reduce metadata service exploitation risk. Review application logs for suspicious file-import requests containing IPv6 address notation as potential indicators of exploitation attempts.

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2026-33309 CRITICAL POC
9.9 Mar 19

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrar

CVE-2019-7304 CRITICAL POC
9.8 Apr 23

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitra

CVE-2026-33186 CRITICAL POC
9.1 Mar 18

An authorization bypass vulnerability in gRPC-Go allows attackers to circumvent path-based access control by sending HTT

CVE-2026-50180 HIGH POC
8.7 Jul 02

Arbitrary file read in Langroid's SQLChatAgent (<= 0.63.0) lets an attacker who can influence the LLM-generated SQL exfi

CVE-2020-14966 HIGH POC
7.5 Jun 22

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulner

CVE-2020-13822 HIGH POC
7.7 Jun 04

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' byte

CVE-2026-29181 HIGH POC
7.5 Apr 07

Resource exhaustion in OpenTelemetry Go propagation library (v1.41.0 and earlier) enables remote attackers to trigger se

CVE-2019-7303 HIGH POC
7.5 Apr 23

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert char

CVE-2014-4699 MEDIUM POC
6.9 Jul 09

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved

CVE-2017-7725 MEDIUM POC
6.1 Apr 13

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "ca

CVE-2026-48816 MEDIUM POC
6.5 Jul 01

Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity w

Share

CVE-2026-35409 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy