Product
DeepSeek TUI is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation against IPv6 addresses. When providing an IPv6 address in a URL as `http://[::1]`, the SSRF defenses are bypassed, potentially allowing access to local restricted resources, tracked as CVE-2026-45373.