VYPR
High severity · GHSA Advisory · Published May 14, 2026

DeepSeek TUI has SSRF IPv6 bypass

CVE-2026-45373

Description

Summary

Although the SSRF check validates hostnames that resolve to private IPv6 addresses, when the IPv6 address is written directly in the URL as http://[::1], the SSRF defenses do not apply.

Details

https://github.com/Hmbown/DeepSeek-TUI/blob/15f62e3e93d842f30b428877819ebc1c8cb96814/crates/tui/src/tools/fetch_url.rs#L321

PoC

Prompt: Run fetch_url tool and give output, no thinking. Use url : http://[::1]

Impact

Access to local restricted resources

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

DeepSeek-TUI's SSRF filter fails to block requests to local services when an IPv6 loopback address like http://[::1] is used in the URL.

Root Cause

The vulnerability is a server-side request forgery (SSRF) bypass in the fetch_url tool of DeepSeek-TUI. While the application validates hostnames that resolve to private IPv6 addresses, the filter is not applied when the IPv6 loopback address is provided directly in bracket notation, such as http://[::1] [2]. This allows a crafted prompt to bypass the intended restriction.

Exploitation

An attacker can exploit this by sending a prompt to the fetch_url tool with the URL http://[::1] or similar IPv6 loopback variations. No authentication or special privileges are needed; the attacker only needs to submit a specially crafted prompt to the tool [2]. The lack of proper input validation on bracket-style IPv6 addresses means the SSRF check is effectively skipped.

Impact

Successful exploitation allows an attacker to access local restricted resources on the host machine, including internal services and data that should not be exposed to external requests. This could result in confidentiality breaches and potentially integrity impacts if those resources can be modified [2].

Mitigation

The issue has been addressed in DeepSeek-TUI version 0.8.26, which is the first fixed release [1]. Users are advised to update to this version or later. No workaround is available for earlier versions beyond applying the update.
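To make the root cause concrete, here is an added illustration (in Python, not DeepSeek-TUI's own Rust code) of a destination check that applies the same rules to IP literals, including bracketed IPv6 and IPv4-mapped IPv6, as to resolved hostnames, so http://[::1] is refused exactly like http://localhost; the `resolver` hook and `is_allowed_url` name are assumptions of this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def resolve_host(host: str) -> list:
    """Default resolver (hypothetical helper): every address the OS returns for a name."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def is_disallowed_address(ip) -> bool:
    """True for loopback, unspecified, link-local, private, multicast or reserved ranges."""
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply to it as well.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_unspecified or ip.is_link_local
            or ip.is_private or ip.is_multicast or ip.is_reserved)


def is_allowed_url(url: str, resolver=resolve_host) -> bool:
    """Allow only http(s) URLs whose host neither is nor resolves to a blocked address.

    urlsplit().hostname strips the brackets from an IPv6 literal, so "[::1]" reaches
    ipaddress as "::1" and is judged by the same rules as a resolved hostname.
    """
    try:
        parts = urlsplit(url)
        host = parts.hostname          # ValueError on a malformed "[...]" host
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    try:
        candidates = [ipaddress.ip_address(host)]   # IP literal: no DNS involved
    except ValueError:
        try:
            # Hostname: every record must pass; getaddrinfo also normalises
            # odd numeric spellings (e.g. "0x7f.1"), which are then checked too.
            candidates = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError):               # lookup failed or odd answer
            return False
    # An empty answer is a failure, not "nothing to block".
    return bool(candidates) and not any(is_disallowed_address(ip) for ip in candidates)
```

The vetted address, not the hostname, should be the one actually connected to; re-resolving at connect time reopens the check to DNS rebinding.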

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: deepseek-tui (crates.io)
Affected versions: < 0.8.26
Patched versions: 0.8.26

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0 (no linked articles in our index yet)