PT-2026-60376 · Go · Github.Com/Doyensec/Safeurl
CVE-2026-54452
·
Publicado
2026-07-15
·
Atualizado
2026-07-15
CVSS v4.0
6.9
Média
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
The
privateNetworks blocklist was found to be missing newly added CIDR ranges. More specifically, the following CIDR ranges were not being blocked:64:ff9b:1::/48: NAT64 local-use prefix (RFC 8215)5f00::/16: Segment Routing (SRv6) SIDs (RFC 9602)3fff::/20: documentation prefix (RFC 9637)100:0:0:1::/64: Dummy IPv6 Prefix (RFC 9780)
Impact
If exploited, an attacker would potentially be able to reach resources hosted on the IPs residing in the missing ranges.
Workarounds
Disable IPv6 by setting
EnableIPv6(false). This is the default behavior of the library.Resolution
Upgrade to v0.2.4
Credits
safeurl thanks @tonghuaroot for reporting.
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Github.Com/Doyensec/Safeurl