Incomplete Filtering of Special Elements
CVE-2026-44232
Summary
A vulnerability in dssrf allows an attacker to bypass its SSRF protections by supplying one of the following IPv6 addresses, resulting in a successful SSRF. This contradicts dssrf documentation, which incorrectly claims that IPv6 is disabled entirely. This affects versions prior to 1.3.0.
CWE-791 - Incomplete Filtering of Special Elements
The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
References
Advisory Timeline
- Published
