PT-2026-38290 · Pypi · Dssrf

Published 2026-05-06 · Updated 2026-05-12 · CVE-2026-44232

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: dssrf versions prior to 1.3.0

Description: A flaw in the library allows attackers to bypass Server-Side Request Forgery (SSRF) protections by using various IPv6 address categories. This occurs because the is_url_safe() function fails to properly block IPv6 addresses, including loopback, unique local addresses (ULA), link-local, and IPv4-mapped addresses, despite documentation claiming IPv6 was disabled.

Recommendations: Update to version 1.3.0.
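
The address categories named in the description, shown as an added example (not dssrf's code and not its 1.3.0 fix): a Python check that classifies a URL's literal IP host with the standard ipaddress module and unwraps IPv4-mapped IPv6 before testing it. The names blocked_reason, _classify, ULA and SAMPLES, and the sample URLs, are assumptions made for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical helper names; this is not dssrf's is_url_safe() or its fix.
ULA = ipaddress.ip_network("fc00::/7")  # unique local addresses


def _classify(ip):
    """Name the internal category an address falls in, or None if public."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        # ::ffff:a.b.c.d stands for the embedded IPv4 address on dual-stack
        # hosts, so the verdict must come from that IPv4 address.
        inner = _classify(ip.ipv4_mapped)
        return f"ipv4-mapped {inner}" if inner else None
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.version == 6 and ip in ULA:
        return "unique-local"
    if ip.is_private:
        return "private"
    return None


def blocked_reason(url):
    """Classify the literal IP host of a URL; None means not internal.

    Hostnames are not resolved here: the same check has to run on every
    address a name resolves to before the request is made.
    """
    host = urlsplit(url).hostname  # brackets around IPv6 literals are removed
    if not host:
        return "no host"
    try:
        ip = ipaddress.ip_address(host.split("%", 1)[0])  # drop any zone id
    except ValueError:
        return None  # not an IP literal
    return _classify(ip)


# Constructed sample URLs, one per category named in the advisory.
SAMPLES = ["http://[::1]/", "http://[fd00::1]:8080/x", "http://[fe80::1]/",
           "http://[::ffff:127.0.0.1]/", "http://[2001:4860:4860::8888]/"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:40} {blocked_reason(url) or 'allowed'}")
```

Unwrapping the mapped address first matters because older Python releases do not report ::ffff:127.0.0.1 as loopback through is_loopback on the IPv6 object itself.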

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2026-44232
GHSA-8P33-Q827-GHJ5

Affected Products

Dssrf