PT-2026-39430 · Go · Github.Com/Tinfoil-Factory/Netfoil

Published

2026-04-29

·

Updated

2026-04-29

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Summary

Rules could be bypassed by changing the first character: example.com could be be bypassed by e.g. fxample.com.

Details

Off-by-one error in the suffixtrie implementation.

Impact

The domain filter could be bypassed. Please note that DNS filtering alone is not enough to block malicious traffic.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-193CWE-183

Related Identifiers

GHSA-84G5-X8J3-7235

Affected Products

Github.Com/Tinfoil-Factory/Netfoil