Skip to main content

Deno Runtime EUVDEUVD-2026-38541

| CVE-2026-49859 MEDIUM
Protection Mechanism Failure (CWE-693)
2026-06-16 https://github.com/denoland/deno GHSA-cpgj-f7g3-2pp2
5.2
CVSS 3.1 · Vendor: https://github.com/denoland/deno
Share

Severity by source

Vendor (https://github.com/denoland/deno) PRIMARY
5.2 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
vuln.today AI
5.2 MEDIUM

Execution of attacker code within a local Deno process (AV:L, PR:L) is prerequisite; scope change (S:C) reflects sandbox boundary crossing to reach blocked internal services.

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (https://github.com/denoland/deno).

CVSS VectorVendor: https://github.com/denoland/deno

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 16, 2026 - 19:56 vuln.today
Analysis Generated
Jun 16, 2026 - 19:56 vuln.today

DescriptionCVE.org

Summary

When fetch() was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a denied IP, bypassing the network restriction entirely.

Impact

Code running under --deny-net could reach hosts that the user intended to block. In practice this means network isolation rules - for example, blocking access to localhost or internal services - could be silently circumvented by a malicious or compromised dependency.

A companion advisory covers the same class of issue in the WebSocket API.

Who is affected

Users who:

  • run untrusted or third-party code with deno run, and
  • rely on --deny-net to restrict which hosts that code can reach.

If you do not use --deny-net, or if you only run fully trusted code, you are not affected.

Workaround

No workaround is available short of upgrading. If upgrading immediately is not possible, avoid granting --allow-net to untrusted code that also has --deny-net restrictions you depend on for security.

Fix

The fetch() DNS resolver now performs a post-resolution check on every IP address before passing it to the HTTP connector, consistent with how Deno.connect already behaved.

AnalysisAI

Deno's fetch() API in versions through 2.8.0 fails to validate resolved IP addresses against --deny-net policy rules, enabling sandbox escape to network destinations explicitly blocked by operators. Scripts executing under a --deny-net restriction can craft or leverage attacker-controlled DNS entries that pass hostname-level checks but resolve to denied IPs such as localhost or internal RFC-1918 addresses, silently bypassing the network isolation boundary. No active exploitation is confirmed (not in CISA KEV), no public proof-of-concept code has been identified, and the vendor has released a confirmed patch in version 2.8.1.

Technical ContextAI

Deno is a Rust-implemented JavaScript and TypeScript runtime (CPE: pkg:rust/deno) that enforces capability-based security via permission flags. The --deny-net flag is designed to block outbound connections to specific hostnames or IP ranges. CWE-693 (Protection Mechanism Failure) applies because the policy enforcement point in fetch() was misaligned with the actual network target: the runtime evaluated the deny-list against the user-supplied hostname string prior to DNS resolution, but never re-evaluated the resulting IP addresses before passing them to the HTTP connector. This is structurally analogous to DNS rebinding and SSRF patterns where time-of-check versus time-of-use (TOCTOU) divergence between a name and its resolved address renders the control ineffective. Notably, Deno.connect already performed a correct post-resolution IP check; fetch() simply lacked this equivalent step. The fix in 2.8.1 adds the missing post-resolution check to the fetch() DNS resolver, closing the gap. A companion advisory from the Deno project addresses the same class of bypass in the WebSocket API.

RemediationAI

Upgrade Deno to version 2.8.1, which is the vendor-confirmed patched release (see https://github.com/denoland/deno/security/advisories/GHSA-cpgj-f7g3-2pp2). The fix adds a post-resolution IP address check to the fetch() DNS resolver, consistent with the behavior already present in Deno.connect. No workaround is available that preserves the --deny-net security guarantee short of upgrading. If an immediate upgrade is not feasible, the Deno project advises removing --allow-net grants from any invocation of untrusted code that also relies on --deny-net for isolation - note this disables all outbound network access for that process and may break intended functionality. Defenders should also audit for the companion WebSocket bypass advisory and confirm it is addressed in the same 2.8.1 upgrade.

Vendor StatusVendor

SUSE

Severity: Moderate

Share

EUVD-2026-38541 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy