2 matches found
CVE-2026-47684 Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed ...
CVE-2026-47684
creationtimestamp| type| source ---|---|--- 2026-05-22 10:29:52+00:00| published-proof-of-concept| https://github.com/Sync-in/server/security/advisories/GHSA-q4x5-8cj6-52wg 2026-06-16 16:00:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mog676uy2v2c...