Skip to main content

Deno Runtime EUVDEUVD-2026-38542

| CVE-2026-49860 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-16 https://github.com/denoland/deno GHSA-83pc-3rw9-qpwj
5.2
CVSS 3.1 · Vendor: https://github.com/denoland/deno
Share

Severity by source

Vendor (https://github.com/denoland/deno) PRIMARY
5.2 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
vuln.today AI
5.2 MEDIUM

Attacker code must already execute inside the Deno sandbox (AV:L/PR:L); sandbox escape to restricted network justifies S:C; no availability impact applies.

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (https://github.com/denoland/deno).

CVSS VectorVendor: https://github.com/denoland/deno

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 16, 2026 - 19:56 vuln.today
Analysis Generated
Jun 16, 2026 - 19:56 vuln.today

DescriptionCVE.org

Summary

When a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a denied IP, bypassing the network restriction entirely.

Impact

Code running under --deny-net could connect to hosts that the user intended to block. In practice this means network isolation rules - for example, blocking access to localhost or internal services - could be silently circumvented by a malicious or compromised dependency.

Deno.connect and fetch() were not affected by this specific issue (a companion advisory covers fetch()).

Who is affected

Users who:

  • run untrusted or third-party code with deno run, and
  • rely on --deny-net to restrict which hosts that code can reach.

If you do not use --deny-net, or if you only run fully trusted code, you are not affected.

Workaround

No workaround is available short of upgrading. If upgrading immediately is not possible, avoid granting --allow-net to untrusted code that also has --deny-net restrictions you depend on for security.

AnalysisAI

WebSocket connections in Deno 2.8.0 and earlier silently bypass --deny-net network sandbox rules by exploiting a missing post-DNS-resolution IP check - the runtime validates the destination hostname but never validates the IP address that hostname resolves to, enabling a classic DNS-rebinding-style SSRF (CWE-918) within the permission system. Any script running under deno run with --deny-net restrictions can weaponize an attacker-controlled domain to reach blocked hosts such as localhost or cloud metadata endpoints (e.g., 169.254.169.254). No public exploit has been identified at time of analysis, and the issue is specific to the WebSocket API; Deno.connect and fetch() are addressed in a companion advisory.

Technical ContextAI

Deno (pkg:rust/deno) implements a capability-based permission system where --deny-net blocklists specific hostnames or IP ranges to restrict outbound network access from untrusted scripts. For WebSocket connections, the enforcement logic performed a single hostname-level match against the blocklist prior to DNS resolution. After DNS resolution, the runtime did not re-validate the resulting IP addresses against the same deny rules - the TCP connection was established directly to the resolved IP without a second permission check. This gap is classified under CWE-918 (Server-Side Request Forgery), because a malicious script can cause the runtime to make network connections to destinations the user explicitly intended to forbid. The root cause is architecturally equivalent to a DNS rebinding attack: the checked identity (hostname) and the connected identity (IP) diverge, and only the former is verified. The issue is isolated to the WebSocket code path; Deno.connect and fetch() have separate (and separately patched) IP validation logic.

RemediationAI

Upgrade Deno to version 2.8.1 or later, which is the vendor-released patch confirmed in GHSA-83pc-3rw9-qpwj (https://github.com/denoland/deno/security/advisories/GHSA-83pc-3rw9-qpwj). The vendor explicitly states no configuration-level workaround exists. As a compensating control where an immediate upgrade is not possible, remove --allow-net from any invocation of untrusted code that also relies on --deny-net for security - this eliminates the attack surface entirely by denying all network access, though it will break any functionality that requires legitimate outbound connectivity. A second compensating control is to enforce network isolation at the OS layer (e.g., Linux network namespaces, container egress firewall rules, or iptables rules blocking internal CIDRs) rather than relying solely on Deno's runtime permission system. OS-level controls are not bypassable by script-layer DNS tricks and provide a defense-in-depth layer regardless of patch status.

Vendor StatusVendor

SUSE

Severity: Moderate

Share

EUVD-2026-38542 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy