6 matches found
CVE-2026-49213
TypeBot prior to version 3.17.2 contains an SSRF protection bypass in the shared validator (packages/lib/src/ssrf/validateHttpReqUrl.ts). The validator allows the IPv6 unspecified address :: (and its expanded form) to bypass local, metadata, and private range checks, enabling a workspace editor/c...
CVE-2026-49213 TypeBot: SSRF protection bypass via IPv6 unspecified address in Typebot HTTP request execution
TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. ...
BIT-MASTODON-2026-46348 Mastodon: SSRF Bypass via IPv6 Unspecified Address (::)
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ranges was lacking an IP address range that can be used to reach local IP addresses. An attacker can use an IP address in the affected range to make...
CVE-2026-46348
CVE-2026-46348 affects Mastodon servers prior to 4.5.10, 4.4.17, and 4.3.23. The issue stems from the disallowed IP range list lacking an IPv6 unspecified address (::), allowing an attacker to induce HTTP requests to loopback interfaces and potentially access private resources and services. Impac...
Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...
ANT-2026-6DSMTXZ8 · mastodon · SSRF
ssrf high GHSA-crr4-7rm4-8gpw Severity Claude high · Security research firm high · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-6DSMTXZ8: SSRF Bypass via IPv6 Unspecified...