Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`
Vulnerability Description
PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body (up to 5 MB) back to the caller. The SSRF protection in apps/web/src/utils/remote-http.ts (isPrivateIPv6) attempts to block private/loopback destinations, but multiple alternate-but-valid IPv6 representations bypass the check. The bypasses reach any IPv4 address (loopback, RFC1918, link-local) via IPv4-mapped IPv6 in hex form, and the canonical ::1 via any representation that isn't the literal string "::1". Any authenticated user (role: user or admin) can trigger the SSRF. On deployments configured with ALLOW_REGISTRATION=true — a supported and documented configuration — this means any internet user who can register. This issue has been patched in version 0.5.4.
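The following is an added example, not code from the PromptHub project, illustrating the class of bypass described above and one way to close it. `naiveIsPrivateIPv6` is a hypothetical reconstruction of the flawed pattern (string matching on the raw literal), not a copy of the project's `isPrivateIPv6`. `isPrivateIPv6Strict` canonicalises the literal to its 16-byte form first, so IPv4-mapped addresses in hex form (`::ffff:7f00:1`), uncompressed loopback (`0:0:0:0:0:0:0:1`), zero-padded loopback (`::0001`) and bracketed literals (which is how `new URL(...).hostname` returns IPv6 hosts) are all judged by their bytes rather than their spelling. All addresses in the test cases are constructed.

```typescript
// Decimal dotted quad only; octal/hex octet forms are rejected (fail closed).
function parseIPv4(s: string): number[] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  return o.every((n) => n <= 255) ? o : null;
}

// RFC 1918, loopback, link-local, "this network", CGNAT (RFC 6598).
function isPrivateIPv4(o: number[]): boolean {
  return o[0] === 127 || o[0] === 10 || o[0] === 0 ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168) ||
    (o[0] === 169 && o[1] === 254) ||
    (o[0] === 100 && o[1] >= 64 && o[1] <= 127);
}

// Hypothetical flawed filter: decides on the literal's spelling, so any
// equivalent spelling the author did not anticipate slips through.
function naiveIsPrivateIPv6(host: string): boolean {
  const h = host.toLowerCase();
  if (h === "::1") return true;                         // only the literal "::1"
  if (h.startsWith("fe80:")) return true;               // link-local
  if (h.startsWith("fc") || h.startsWith("fd")) return true; // ULA, loosely
  if (h.startsWith("::ffff:")) {                        // IPv4-mapped, dotted form only
    const v4 = parseIPv4(h.slice(7));
    return v4 !== null && isPrivateIPv4(v4);
  }
  return false;
}

// Expand any valid textual IPv6 literal (RFC 4291 text forms, optional
// brackets) to 16 bytes. Returns null on anything it cannot parse.
function parseIPv6(literal: string): Uint8Array | null {
  let s = literal.trim().toLowerCase();
  if (s.startsWith("[") && s.endsWith("]")) s = s.slice(1, -1);
  if (s.includes("%") || !/^[0-9a-f:.]+$/.test(s)) return null; // zone IDs rejected
  const halves = s.split("::");
  if (halves.length > 2) return null;
  // An embedded dotted IPv4 is only legal as the final group of the address.
  const toGroups = (part: string, v4Allowed: boolean): number[] | null => {
    if (part === "") return [];
    const out: number[] = [];
    const items = part.split(":");
    for (let i = 0; i < items.length; i++) {
      const it = items[i];
      if (v4Allowed && i === items.length - 1 && it.includes(".")) {
        const v4 = parseIPv4(it);
        if (!v4) return null;
        out.push((v4[0] << 8) | v4[1], (v4[2] << 8) | v4[3]);
      } else {
        if (!/^[0-9a-f]{1,4}$/.test(it)) return null;
        out.push(parseInt(it, 16));
      }
    }
    return out;
  };
  const head = toGroups(halves[0], halves.length === 1);
  const tail = halves.length === 2 ? toGroups(halves[1], true) : [];
  if (head === null || tail === null) return null;
  let groups: number[];
  if (halves.length === 2) {
    const fill = 8 - head.length - tail.length;
    if (fill < 1) return null;                          // "::" must cover >= 1 group
    groups = [...head, ...new Array(fill).fill(0), ...tail];
  } else {
    if (head.length !== 8) return null;
    groups = head;
  }
  const bytes = new Uint8Array(16);
  groups.forEach((g, i) => { bytes[2 * i] = g >> 8; bytes[2 * i + 1] = g & 0xff; });
  return bytes;
}

// Hardened filter: classify the bytes, not the string. Unparsable input is
// treated as private (fail closed) rather than passed to the HTTP client.
function isPrivateIPv6Strict(literal: string): boolean {
  const b = parseIPv6(literal);
  if (!b) return true;
  const zero = (from: number, to: number): boolean => {
    for (let i = from; i < to; i++) if (b[i] !== 0) return false;
    return true;
  };
  if (zero(0, 15) && (b[15] === 0 || b[15] === 1)) return true;   // :: and ::1
  if (zero(0, 10) && b[10] === 0xff && b[11] === 0xff)            // ::ffff:0:0/96
    return isPrivateIPv4([b[12], b[13], b[14], b[15]]);
  if (zero(0, 12)) return true;        // deprecated IPv4-compatible ::/96, fail closed
  if ((b[0] & 0xfe) === 0xfc) return true;                         // fc00::/7 ULA
  if (b[0] === 0xfe && (b[1] & 0xc0) === 0x80) return true;        // fe80::/10 link-local
  return false;
}
```

The byte-level check is only half of the fix: an attacker can also point a public hostname at an internal address, so the same classification must be applied to the address the resolver actually returns (and that address, not the hostname, handed to the HTTP client), and any redirect the fetch follows must be re-checked with the same rule.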
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
Improper Input Validation
Vulnerability Title
PromptHub Input Validation Error Vulnerability
Vulnerability Description
PromptHub is an AI prompt and skill management tool by the individual developer 凌小添 (legeling). PromptHub versions 0.4.9 up to, but not including, 0.5.4 contain an input validation error vulnerability. The flaw lies in the POST /api/skills/fetch-remote endpoint, which fetches a user-supplied URL and returns the response body; the SSRF protection attempts to block private/loopback destinations, but multiple alternative yet valid IPv6 representations bypass the check. Any authenticated user can trigger the SSRF, and on deployments configured with ALLOW_REGISTRATION=true any internet user who can register can exploit it.
CVSS Information
N/A
Vulnerability Type
N/A