CVE-2026-35409: Directus SSRF Protection Bypass (HIGH)
Platform: nodejs
Component: directus
Fixed in: 11.16.0
CVE-2026-35409 is a Server-Side Request Forgery (SSRF) protection bypass vulnerability in Directus. The IP address validation mechanism used to block requests to local and private networks could be circumvented using IPv4-Mapped IPv6 address notation. This issue is fixed in Directus version 11.16.0.
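The flaw class described above, shown from the defender's side as an added example that is not Directus code: a constructed check that only recognises dotted-quad literals lets an IPv4-mapped IPv6 literal through, while the hardened check collapses the mapped form to IPv4 before consulting the deny list. The function names and the deny list contents are assumptions made for this example.

```javascript
const net = require('node:net');

// Constructed deny list for this example: loopback, private and link-local ranges.
const denied = new net.BlockList();
for (const [prefix, bits] of [
  ['127.0.0.0', 8], ['10.0.0.0', 8], ['172.16.0.0', 12],
  ['192.168.0.0', 16], ['169.254.0.0', 16], ['0.0.0.0', 8],
]) denied.addSubnet(prefix, bits, 'ipv4');
denied.addAddress('::1', 'ipv6');
denied.addSubnet('fc00::', 7, 'ipv6');
denied.addSubnet('fe80::', 10, 'ipv6');

// Constructed "before" check: only dotted-quad literals are ever compared,
// so any IPv6 spelling of an IPv4 address is treated as allowed.
function naiveIsDenied(ip) {
  return net.isIPv4(ip) && denied.check(ip, 'ipv4');
}

// Collapse an IPv4-mapped IPv6 literal (::ffff:a.b.c.d in any spelling) to a.b.c.d.
function unmap(ip) {
  if (!net.isIPv6(ip)) return ip;
  // The WHATWG URL parser canonicalises every spelling to one compressed hex form.
  const canon = new URL(`http://[${ip}]/`).hostname.slice(1, -1);
  const m = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(canon);
  if (!m) return canon;
  const hi = parseInt(m[1], 16);
  const lo = parseInt(m[2], 16);
  return [hi >> 8, hi & 255, lo >> 8, lo & 255].join('.');
}

// Hardened check: normalise first, then test; anything unparseable is denied.
function isDenied(ip) {
  try {
    const literal = ip.replace(/^\[|\]$/g, '');
    if (!net.isIP(literal) || literal.includes('%')) return true;
    const addr = unmap(literal);
    return denied.check(addr, net.isIPv4(addr) ? 'ipv4' : 'ipv6');
  } catch {
    return true; // fail closed
  }
}
```

Such a check belongs on the address the HTTP client actually connects to, not only on the string found in the request URL.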
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently Asked Questions
What is CVE-2026-35409?
CVE-2026-35409 is a Server-Side Request Forgery (SSRF) protection bypass vulnerability in Directus.
Am I affected by CVE-2026-35409?
You are affected if you are using a version of Directus prior to 11.16.0.
How can I fix CVE-2026-35409?
Upgrade your Directus instance to version 11.16.0 or later to resolve this vulnerability.