4 matches found
CVE-2026-45373
CodeWhale: SSRF bypass in DeepSeek-TUI (CodeWhale via DeepSeek + MiMo) allows http://[::1] to bypass hostname validation prior to 0.8.26. The vulnerability stems from SSRF defenses not handling IPv6 literals correctly, enabling access to internal resources. Affected version is before 0.8.26; reme...
CVE-2026-45373 CodeWhale: SSRF IPV6 bypass
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as http://::1, the SSRF defenses do not work. This vulnerability is fixed in 0.8.26...
CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`
PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...
MiracleLinux 3 : kernel-2.6.18-348.2.AXS3 (AXSA:2013-124:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-124:02 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...