118 matches found
CVE-2026-60105
Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...
GO-2026-5244 Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes in github.com/gotenberg/gotenberg
Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes in github.com/gotenberg/gotenberg...
CVE-2026-47389
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.privateaddress? returns false for IPv4-mapped IPv6 addresses ::ffff:a.b.c.d corresponding to some private IPv4 addresses,...
CVE-2026-47389 Mastodon: SSRF protection bypass on older Ruby versions
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.privateaddress? returns false for IPv4-mapped IPv6 addresses ::ffff:a.b.c.d corresponding to some private IPv4 addresses,...
CVE-2026-53945
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. Th...
CVE-2026-49860
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially...
SUSE CVE-2026-48860
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...
EUVD-2026-36057
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...
PT-2026-46304
Name of the Vulnerable Software and Affected Versions WebOb versions prior to 1.8.10 Description An open redirect occurs when the software normalizes the HTTP Location header to include the request hostname. The process involves parsing the redirect URL using Python's urllib.parse and joining it ...
CVE-2026-45310
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...
CVE-2026-43899
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...
CVE-2026-42344 FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress allows SSRF on all protected endpoints
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding TOCTOU — Time-of-Check to Time-of-Use. The function resolves the hostname via dns.resolve4/dns.resolve6 and check...
CVE-2026-42344 FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress allows SSRF on all protected endpoints
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding TOCTOU — Time-of-Check to Time-of-Use. The function resolves the hostname via dns.resolve4/dns.resolve6 and check...
CVE-2026-42344 FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress allows SSRF on all protected endpoints
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding TOCTOU — Time-of-Check to Time-of-Use. The function resolves the hostname via dns.resolve4/dns.resolve6 and check...
CVE-2026-43441
CVE-2026-43441 relates to the Linux kernel bonding code. When IPv6 is disabled, receiving an IPv6 NS/NA on a bonded slave could reach bond_validate_na() and trigger a NULL pointer dereference in ipv6_chk_addr(). The fixes provided in the sources implement a guard: check ipv6_mod_enabled() (or ipv...
PT-2026-39208
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.11 Description The isInternalAddress function in packages/service/common/system/utils.ts fails to properly block cloud metadata endpoints. The function uses a fullUrl.startsWith check against a hardcoded list tha...
PT-2026-39207
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.12 Description The isInternalAddress function in packages/service/common/system/utils.ts is susceptible to DNS rebinding, a Time-of-Check to Time-of-Use TOCTOU issue. The function validates a hostname by resolvin...
FastGPT 安全漏洞
FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT 4.14.11 and earlier contain security vulnerabilities. These vulnerabilities stem from a DNS rebinding vulnerability in the isInternalAddress function, which...
CVE-2026-31738 vxlan: validate ND option lengths in vxlan_na_create
In the Linux kernel, the following vulnerability has been resolved: vxlan: validate ND option lengths in vxlannacreate vxlannacreate walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLAD...
EUVD-2026-21507
FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress only blocks private IPs when CHECKINTERNALIP=true, which is not the default. This allows...