{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/deepseek-tui/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["deepseek-tui (\u003c 0.8.26)"],"_cs_severities":["high"],"_cs_tags":["ssrf","cve-2026-45373","deepseek-tui"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eDeepSeek TUI versions prior to 0.8.26 are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. The application\u0026rsquo;s input validation fails to properly sanitize IPv6 addresses provided in URLs, specifically when formatted as \u003ccode\u003ehttp://[::1]\u003c/code\u003e. This bypass allows an attacker to potentially circumvent intended access controls and interact with internal or restricted resources that would otherwise be inaccessible from the outside network. This vulnerability allows attackers to potentially read sensitive data or execute commands within the internal network.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious URL containing an IPv6 address in the format \u003ccode\u003ehttp://[::1]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker inputs this URL into the DeepSeek TUI, specifically targeting the \u003ccode\u003efetch_url\u003c/code\u003e tool.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003efetch_url\u003c/code\u003e tool in \u003ccode\u003esrc/tools/fetch_url.rs\u003c/code\u003e attempts to process the provided URL.\u003c/li\u003e\n\u003cli\u003eThe application\u0026rsquo;s SSRF defenses fail to properly validate the IPv6 address \u003ccode\u003e[::1]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application initiates a request to the specified IPv6 address (localhost).\u003c/li\u003e\n\u003cli\u003eThe request is routed to a local service or resource on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to the content or functionality of the local resource.\u003c/li\u003e\n\u003cli\u003eThe attacker can potentially read sensitive information or perform actions within the internal network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SSRF vulnerability (CVE-2026-45373) can lead to unauthorized access to internal resources and sensitive information. Attackers could potentially read configuration files, access internal APIs, or even execute arbitrary commands on the server, depending on the accessible local resources. The specific impact depends on the configuration and services running on the targeted host.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade DeepSeek TUI to version 0.8.26 or later to remediate CVE-2026-45373.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect DeepSeek TUI SSRF Attempt via IPv6 Bypass\u003c/code\u003e to detect exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T20:36:31Z","date_published":"2026-05-14T20:36:31Z","id":"https://feed.craftedsignal.io/briefs/2026-05-deepseek-tui-ssrf-ipv6-bypass/","summary":"DeepSeek TUI is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation against IPv6 addresses. When providing an IPv6 address in a URL as `http://[::1]`, the SSRF defenses are bypassed, potentially allowing access to local restricted resources, tracked as CVE-2026-45373.","title":"DeepSeek TUI SSRF Vulnerability via IPv6 Bypass (CVE-2026-45373)","url":"https://feed.craftedsignal.io/briefs/2026-05-deepseek-tui-ssrf-ipv6-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Deepseek-Tui","version":"https://jsonfeed.org/version/1.1"}