Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client
Description
The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cloudflare WARP client for Windows assigns IPv6 Unique Local Addresses for DNS, enabling interception on rogue IPv6 networks.
Vulnerability
The Cloudflare WARP client for Windows (versions prior to 2023.7.160.0) acts as a local DNS server and assigns loopback IPv4 addresses for DNS servers. However, on IPv6-capable networks, the client incorrectly assigns Unique Local Addresses (ULAs) instead of loopback IPv6 addresses. This allows an attacker on the same local network to potentially intercept DNS queries if the attacker's device advertises the same ULA as the WARP client's DNS server.
Exploitation
An attacker must set up a rogue Wi-Fi network that announces IPv6 support and configures its own IPv6 address to match the ULA that the WARP client assigns for DNS. When a victim connects to this rogue network, the WARP client resolves DNS queries to the attacker's device instead of the loopback interface, allowing the attacker to view the plaintext DNS requests.
Impact
An attacker with network access can passively collect all DNS queries made by the victim's device, leading to information disclosure about the websites and services the victim accesses. The attacker does not need elevated privileges beyond being on the same local network segment.
Mitigation
Cloudflare released WARP Client version 2023.7.160.0 for Windows, which fixes the issue by assigning loopback IPv6 addresses for DNS servers [1]. As a workaround, users can disable IPv6 support on their local devices until the update is applied.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Cloudflare/WARPv5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/cloudflare/advisories/security/advisories/GHSA-mv6g-7577-vq4wmitrevendor-advisory
- developers.cloudflare.com/warp-client/mitreproduct
- install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/releasemitrerelease-notes
News mentions
0No linked articles in our index yet.