Compliance Impact

CVE-2026-45373 is a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to bypass SSRF protections and access local restricted resources, potentially exposing sensitive internal services or metadata endpoints.

Such unauthorized access to internal or sensitive data could lead to confidentiality breaches, which may impact compliance with data protection regulations like GDPR or HIPAA that require safeguarding personal and sensitive information.

Therefore, if exploited, this vulnerability could undermine an organization's ability to maintain compliance with these standards by exposing protected data or internal systems.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-45373 is a Server-Side Request Forgery (SSRF) vulnerability in the CodeWhale project's deepseek-tui tool prior to version 0.8.26.

The vulnerability arises because SSRF protections fail to block requests to private IPv6 addresses when the IPv6 address is provided directly in the URL format, such as http://[::1].

This happens due to insufficient validation of IP addresses, especially IPv6 and IPv4-mapped IPv6 addresses, allowing attackers to bypass SSRF defenses and access restricted internal network resources.

The issue is fixed in version 0.8.26 of the software.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers to perform unauthorized requests from the vulnerable server to internal or restricted network resources.

Because the SSRF protections can be bypassed, attackers might access sensitive internal services, metadata endpoints, or other private network resources that should not be exposed.

The CVSS score of 7.4 indicates a high severity due to the network attack vector, low complexity, and no required privileges or user interaction.

The main impact is on confidentiality, as attackers can gain access to sensitive information within the internal network.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves Server-Side Request Forgery (SSRF) where requests to private IPv6 addresses such as http://[::1] bypass SSRF protections. Detection can focus on monitoring network traffic or application logs for outbound HTTP requests targeting IPv6 loopback or private addresses.

You can detect potential exploitation attempts by searching for HTTP requests containing IPv6 loopback addresses or private IPv6 addresses in URLs, especially those formatted like http://[::1].

• Use network monitoring tools (e.g., tcpdump or Wireshark) to filter HTTP requests to IPv6 loopback addresses: tcpdump -i <interface> 'ip6 and dst host ::1 and tcp port 80'
• Check application logs for URLs containing IPv6 addresses in brackets, e.g., grep -E '\[::1\]' /path/to/logfile
• If the application supports verbose or debug logging, enable it to capture outgoing HTTP requests and inspect for suspicious IPv6 addresses.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade the affected CodeWhale deepseek-tui package to version 0.8.26 or later, where the SSRF vulnerability has been fixed.

Until the upgrade is applied, consider restricting outbound HTTP requests from the application to prevent access to private IPv6 addresses, especially loopback (::1) and other private ranges.

• Upgrade deepseek-tui to version 0.8.26 or above using the official release methods (npm, Docker, Cargo, or manual binaries).
• Implement network-level controls such as firewall rules to block outbound HTTP requests to private IPv6 addresses.
• Review and harden SSRF protections in your application, ensuring validation logic properly handles IPv6 addresses, including IPv4-mapped IPv6 formats.

Useful 0 Not Useful 0