EXECUTIVE SUMMARY:
CVE-2026-44232, with a CVSS score of 8.7, is an SSRF vulnerability in the dssrf package. An attacker can bypass the package's SSRF protections by supplying one of a set of specific IPv6 addresses, resulting in a successful SSRF. The vulnerability affects versions of the package prior to 1.3.0 and can be exploited by an attacker with a medium privilege level who has network access to the vulnerable application and is able to supply a malicious IPv6 address. Successful exploitation can lead to unauthorized data disclosure or access to internal systems. The business impact of this vulnerability is high, as it allows an attacker to bypass security controls and potentially compromise sensitive data or systems.
RECOMMENDATION:
We recommend updating dssrf to version 1.3.0.
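As a defense-in-depth check alongside the upgrade, the added example below (not code from dssrf or from the advisory) shows how an outbound-request filter can unwrap IPv6 forms that carry an IPv4 address before deciding whether a destination is public. The forms covered (IPv4-mapped, 6to4, NAT64, IPv4-compatible) are an assumption about what such a filter should handle, not the address list from the advisory; the function names and sample inputs are constructed for illustration.

```python
import ipaddress

NAT64 = ipaddress.ip_network("64:ff9b::/96")   # RFC 6052 well-known prefix
V4_COMPAT = ipaddress.ip_network("::/96")      # deprecated IPv4-compatible form


def embedded_ipv4(addr):
    """Return the IPv4 address carried inside an IPv6 address, or None."""
    if addr.ipv4_mapped is not None:            # ::ffff:a.b.c.d
        return addr.ipv4_mapped
    if addr.sixtofour is not None:              # 2002:AABB:CCDD::/48
        return addr.sixtofour
    if addr in NAT64 or (addr in V4_COMPAT and int(addr) > 1):
        return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return None


def check_destination(host):
    """Return None if host is a public IP literal, else the reason to block."""
    # Drop URL brackets and any zone identifier before parsing.
    literal = host.strip().strip("[]").split("%", 1)[0]
    try:
        addr = ipaddress.ip_address(literal)
    except ValueError:
        return "not an IP literal: resolve it, then check every resolved address"
    if addr.version == 6:
        inner = embedded_ipv4(addr)
        if inner is not None:
            # Judge the address by the IPv4 destination it actually reaches.
            if not inner.is_global:
                return f"IPv6 form embeds non-public IPv4 {inner}"
            return None
    if not addr.is_global:
        return f"non-public address {addr}"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = ["[::ffff:127.0.0.1]", "2002:a9fe:a9fe::1", "64:ff9b::a00:1",
               "::7f00:1", "fe80::1%eth0", "::1", "2001:4860:4860::8888"]
    for sample in samples:
        print(f"{sample:24} -> {check_destination(sample) or 'allowed'}")
```

The check must run on the address the HTTP client will actually connect to, so hostnames have to be resolved first and every returned address tested.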
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-8p33-q827-ghj5