What is the CVSS score of CVE-2026-35409?

CVE-2026-35409 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Microsoft are affected by CVE-2026-35409?

Directus headless CMS contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated users to bypass network access controls and reach internal resources, including cloud…. A patch is available.

How to fix or mitigate CVE-2026-35409?

Within 24 hours: Identify all Directus instances in production and document versions. Disable or restrict file-import functionality for authenticated users pending remediation. Within 7 days: Implement network segmentation to prevent Directus servers from reaching internal IP ranges (127.0.0.1, 169.254.169.254 for cloud metadata, private subnets) via firewall or egress proxy rules; audit recent file-import activities for suspicious requests. Within 30 days: Monitor vendor advisories for patch release; evaluate alternative headless CMS platforms or implement Web Application Firewall (WAF) rules blocking IPv6-mapped IPv4 notation (::ffff:*) in requests originating from Directus.

Microsoft CVE-2026-35409

EUVD-2026-19517 HIGH

Improper Input Validation (CWE-20)

2026-04-04 https://github.com/directus/directus

GHSA-wv3h-5fx7-966h

SSRF Microsoft Canonical

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 20, 2026 - 16:52 vuln.today

cvss_changed

Patch released

Apr 04, 2026 - 08:30 nvd

Patch available

EUVD ID Assigned

Apr 04, 2026 - 06:15 euvd

EUVD-2026-19517

Analysis Generated

Apr 04, 2026 - 06:15 vuln.today

CVE Published

Apr 04, 2026 - 06:10 nvd

HIGH 7.7

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

2 npm packages depend on directus (1 direct, 1 indirect)

Ecosystem-wide dependent count for version 11.16.0.

DescriptionNVD

Summary

A Server-Side Request Forgery (SSRF) protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be circumvented using IPv4-Mapped IPv6 address notation.

Details

Directus implements an IP deny-list to prevent server-side requests to internal/private network ranges. The validation logic failed to normalize IPv4-Mapped IPv6 addresses (e.g., the IPv6 representation of 127.0.0.1) before checking them against the deny-list. Because the deny-list check did not recognize these mapped addresses as equivalent to their IPv4 counterparts, an attacker could bypass the restriction while the underlying HTTP client and operating system still resolved and connected to the intended private target.

This has been fixed by adding a normalization step that converts IPv4-Mapped IPv6 addresses to their canonical IPv4 form prior to validation.

Impact

An authenticated user (or an unauthenticated user if public file-import permissions are enabled) could exploit this bypass to perform SSRF attacks against internal services on the same host (databases, caches, internal APIs) or cloud instance metadata endpoints (e.g., AWS/GCP/Azure IMDS).

AnalysisAI

Server-Side Request Forgery (SSRF) in Directus headless CMS allows authenticated attackers (or unauthenticated users with public file-import permissions) to bypass IP address deny-list protections and access internal network resources. Attackers exploit IPv4-Mapped IPv6 address notation (e.g., ::ffff:127.0.0.1) to circumvent validation logic, enabling unauthorized requests to localhost services, internal databases, caches, APIs, and cloud instance metadata endpoints (AWS/GCP/Azure IMDS). …

RemediationAI

Within 24 hours: Identify all Directus instances in production and document versions. Disable or restrict file-import functionality for authenticated users pending remediation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory