CVE-2026-42261

Source
https://cve.org/CVERecord?id=CVE-2026-42261
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42261.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-42261
Aliases
  • GHSA-9fhh-fjfg-5mr6
Published
2026-05-08T03:11:25.305Z
Modified
2026-07-15T01:48:57.269662738Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
Summary
PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`
Details

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body (up to 5 MB) back to the caller. The SSRF protection in apps/web/src/utils/remote-http.ts (isPrivateIPv6) attempts to block private/loopback destinations, but multiple alternate-but-valid IPv6 representations bypass the check. The bypasses reach any IPv4 address (loopback, RFC1918, link-local) via IPv4-mapped IPv6 in hex form, and the canonical ::1 via any representation that isn't the literal string "::1". Any authenticated user (role: user or admin) can trigger the SSRF. On deployments configured with ALLOW_REGISTRATION=true — a supported and documented configuration — this means any internet user who can register. This issue has been patched in version 0.5.4.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42261.json",
    "cwe_ids": [
        "CWE-20",
        "CWE-693",
        "CWE-918"
    ]
}
References

Affected packages

Git / github.com/legeling/prompthub

Affected ranges

Type
GIT
Repo
https://github.com/legeling/prompthub
Events
Database specific
{
    "cpe": "cpe:2.3:a:legeling:prompthub:*:*:*:*:-:*:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0.4.9"
        },
        {
            "fixed": "0.5.4"
        }
    ]
}

Affected versions

v0.*
v0.4.9
v0.5.0
v0.5.1
v0.5.2
v0.5.2-rebuild.1
v0.5.2-rebuild.2
v0.5.2-rebuild.3
v0.5.3
v0.5.3-rebuild.1
v0.5.3-rebuild.2
v0.5.3-rebuild.3
v0.5.3-rebuild.4
v0.5.3-rebuild.5
v0.5.3-rebuild.6
web-v0.*
web-v0.5.3
web-v0.5.3-fix.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42261.json"