dssrf CVE-2026-44232
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (https://github.com/HackingRepo/dssrf-js) · only source for this CVE.
CVSS VectorVendor: https://github.com/HackingRepo/dssrf-js
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability in dssrf allows an attacker to bypass its SSRF protections by supplying one of the following IPv6 addresses, resulting in a successful SSRF. This contradicts dssrf documentation, which incorrectly claims that IPv6 is disabled entirely. See below:
Input Category
http://[::1]/ IPv6 loopback
http://[fc00::1]/ IPv6 ULA
http://[fe80::1]/ IPv6 link-local
http://[::ffff:127.0.0.1]/ IPv4-mapped loopback
http://[::ffff:169.254.169.254]/ IPv4-mapped IMDS
http://[::ffff:100.64.0.1]/ IPv4-mapped CGNAT
http://[64:ff9b::7f00:1]/ NAT64 well-known prefix
http://[64:ff9b:1::1]/ NAT64 local-use (RFC 8215)
http://[5f00::1]/ SRv6 SID (RFC 9602)
http://[3fff::1]/ IPv6 documentation (RFC 9637)
http://[fec0::1]/ IPv6 site-local (deprecated, RFC 3879)
http://[::127.0.0.1]/ IPv4-compatible IPv6POC
mkdir dssrf-poc && cd dssrf-poc
npm init -y >/dev/null
npm install dssrf@^1.0.2
cat > audit.js <<'EOF'
const dssrf = require('dssrf');
const cases = [
['http://[::1]/', 'IPv6 loopback'],
['http://[fc00::1]/', 'IPv6 ULA'],
['http://[fe80::1]/', 'IPv6 link-local'],
['http://[::ffff:127.0.0.1]/', 'IPv4-mapped loopback'],
['http://[::ffff:169.254.169.254]/', 'IPv4-mapped IMDS'],
['http://[64:ff9b::7f00:1]/', 'NAT64 well-known + 127.0.0.1'],
['http://[64:ff9b:1::1]/', 'NAT64 local-use (RFC 8215)'],
['http://[5f00::1]/', 'SRv6 SID (RFC 9602)'],
['http://[fec0::1]/', 'IPv6 site-local deprecated'],
['http://127.0.0.1/', 'IPv4 loopback (control)'],
['http://10.0.0.1/', 'IPv4 RFC1918 (control)'],
['http://8.8.8.8/', 'PUBLIC IPv4 (control)'],
];
(async () => {
for (const [url, label] of cases) {
const safe = await dssrf.is_url_safe(url);
console.log(`${safe ? '✓ALLOW' : '·block'} ${url.padEnd(40)} ${label}`);
}
})();
EOF
node audit.jsCredit
dssrf thanks <brmenna@gmail.com> for reporting this issue responsibly.
Update
Users should immediately update to dssrf 1.3.0.
Lessons Learned
As seen both in the past and today, many advisories and CVE bypasses leverage IPv6. IPv6 remains the weakest link, as it is rarely configured correctly and seldom tested. In this case, while IPv4 was properly blocked, the corresponding IPv6 blocking logic was completely broken and never actually worked.,
AnalysisAI
The dssrf Node.js library (versions < 1.3.0) allows Server-Side Request Forgery (SSRF) protection bypass through IPv6 addresses targeting internal resources. Attackers can craft HTTP requests using IPv6 loopback (::1), unique local addresses (fc00::/7), link-local addresses (fe80::/10), IPv4-mapped IPv6 addresses (::ffff:127.0.0.1, ::ffff:169.254.169.254), NAT64 prefixes, and other IPv6 categories to access internal services, cloud metadata endpoints (IMDS), and private networks that the library was explicitly designed to block. The vulnerability directly contradicts dssrf documentation claiming IPv6 is disabled entirely, and a publicly available exploit code (POC) demonstrates all affected IPv6 categories. Patch available in version 1.3.0.
Technical ContextAI
The dssrf npm package (CPE: pkg:npm/dssrf) is a security library designed to prevent Server-Side Request Forgery attacks by validating URL safety before Node.js applications make outbound HTTP requests. The vulnerability stems from CWE-791 (Incomplete Filtering of Special Elements), specifically the failure to implement IPv6 address validation logic that parallels its IPv4 protections. While the library correctly blocks IPv4 private ranges (127.0.0.0/8, 10.0.0.0/8, 169.254.0.0/16) and RFC1918 space, it completely fails to filter IPv6 equivalents including loopback (::1/128), unique local addresses (fc00::/7 and deprecated fec0::/10), link-local (fe80::/10), IPv4-mapped IPv6 addresses (::ffff:0:0/96 wrapping private IPv4 space), IPv4-compatible addresses (deprecated ::/96 format), NAT64 well-known prefix (64:ff9b::/96) and local-use prefix (64:ff9b:1::/48), SRv6 SID space (5f00::/16), and IPv6 documentation ranges (3fff::/20). This oversight allows attackers to target AWS/GCP/Azure instance metadata services at ::ffff:169.254.169.254, internal APIs, and cloud admin endpoints through IPv6 notation that bypasses URL safety checks.
RemediationAI
Immediately upgrade to dssrf version 1.3.0 or later, which addresses all IPv6 bypass categories documented in the advisory. Update via npm with 'npm install dssrf@latest' or 'npm update dssrf', then verify package.json and package-lock.json reflect version 1.3.0+. Organizations requiring immediate risk reduction before patching can implement compensating controls: (1) Deploy network-level egress filtering to block outbound connections to RFC1918 IPv4 space, IPv6 ULA (fc00::/7), link-local (fe80::/10), loopback addresses, and cloud metadata endpoints (169.254.169.254 for both IPv4 and ::ffff:169.254.169.254 IPv6-mapped) at firewall or security group level, though this adds operational complexity and may break legitimate internal service communication; (2) Implement application-layer validation using an alternative SSRF protection library that explicitly supports IPv6 filtering (verify through security audit or published test suite); (3) Disable IPv6 at the host network stack level if the application does not require IPv6 connectivity (sysctl net.ipv6.conf.all.disable_ipv6=1 on Linux), though this prevents legitimate IPv6 usage and is not viable for dual-stack environments. Note that relying solely on dssrf versions < 1.3.0 with any compensating control still leaves gaps - upgrade to 1.3.0 is the only complete remediation. Advisory and patch details: https://github.com/advisories/GHSA-8p33-q827-ghj5.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-791 – Incomplete Filtering of Special Elements
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-8p33-q827-ghj5