Summary The fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to prevent SSRF attacks against internal services (cloud metadata endpoints, localhost, p…
| CVE ID | CVE-2026-45310 |
| Vendor | rust |
| Affected Product | deepseek-tui |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.4 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
#
The fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to prevent SSRF attacks against internal services (cloud metadata endpoints, localhost, private networks). However, the HTTP client (reqwest) is configured to automatically follow up to 5 redirects (reqwest::redirect::Policy::limited(5)) without re-validating the redirect target against the same SSRF protections.
Step 1 — Baseline: Confirm fetch_url blocks direct requests to restricted IPs. `` Prompt: use fetch_url to fetch http://169.254.169.254/latest/meta-data/ Expected: Error — "restricted address (private/loopback/link-local)" ` Step 2 — SSRF bypass via redirect: Fetch a public URL that redirects to the restricted IP. `` Pr
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.