Remote Server-Side Request Forgery Vulnerability in DSSRF Library by HackingRepo
CVE-2026-44232

8.7 HIGH

Key Information:

Status
Vendor
CVE Published: 12 May 2026

What is CVE-2026-44232?

DSSRF is a popular Node.js library that provides advanced SSRF defense mechanisms. In versions prior to 1.3.0, its is_url_safe function is vulnerable to an IPv6 category bypass, which can allow malicious users to initiate unauthorized requests to internal resources. The flaw compromises the integrity of the application and highlights the importance of keeping libraries updated to mitigate the risks associated with SSRF attacks.

Affected Version(s)

dssrf-js < 1.3.0

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
