Threat Advisory

Safeurl Flaw Lets Attackers Reach Unblocked IPv6 Resources

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Medium
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

A medium-severity CWE-918 vulnerability, identified as CVE-2026-54452 with a CVSS score of 6.9, exists in the safeurl library due to missing IPv6 CIDR ranges in its privateNetworks blocklist. Specifically, the following ranges were not being blocked: NAT64 local-use prefix (RFC 8215), Segment Routing (SRv6) SIDs (RFC 9602), documentation prefix (RFC 9637), and Dummy IPv6 Prefix (RFC 9780). If exploited, an attacker could potentially reach resources hosted on IPs residing in the missing ranges. This vulnerability has a significant business impact for organizations reliant on IPv6 connectivity and exists in versions prior to 0.2.4 of the safeurl library.

RECOMMENDATION:

We recommend you to update safeurl to version 0.2.4.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

A medium-severity CWE-918 vulnerability, identified as CVE-2026-54452 with a CVSS score of 6.9, exists in the safeurl library due to missing IPv6 CIDR ranges in its privateNetworks blocklist. Specifically, the following ranges were not being blocked: NAT64 local-use prefix (RFC 8215), Segment Routing (SRv6) SIDs (RFC 9602), documentation prefix (RFC 9637), and Dummy IPv6 Prefix (RFC 9780). If exploited, an attacker could potentially reach resources hosted on IPs residing in the missing ranges. This vulnerability has a significant business impact for organizations reliant on IPv6 connectivity and exists in versions prior to 0.2.4 of the safeurl library.

RECOMMENDATION:

We recommend you to update safeurl to version 0.2.4.[emaillocker id="1283"]

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu