CVE-2026-42261: PromptHub SSRF Bypass Via IPv6 Mapped Addresses

The National Vulnerability Database has published CVE-2026-42261, a high-severity Server-Side Request Forgery (SSRF) vulnerability in PromptHub, an AI toolbox for prompt, skill, and agent management. Versions 0.4.9 up to but not including 0.5.4 are affected. The flaw is in the /api/skills/fetch-remote endpoint, which, for an authenticated caller, fetches a user-supplied URL and reflects up to 5 MB of the response body back to that caller. PromptHub did check the destination against private and loopback IPv6 ranges, but the check matches on the textual form of the address, so alternate spellings of the same IPv6 address pass it.

An attacker can use this to reach any IPv4 address, including loopback, RFC1918 and link-local ranges, by supplying the target as an IPv4-mapped IPv6 address written in hex form (::ffff:7f00:1 for 127.0.0.1, rather than the dotted ::ffff:127.0.0.1). The loopback address ::1 itself can be reached with any spelling other than the literal string “::1”, such as the uncompressed 0:0:0:0:0:0:0:1. Any authenticated user can trigger the SSRF, whether they hold the ‘user’ or the ‘admin’ role, and on deployments configured with ALLOW_REGISTRATION=true any internet user can register an account and exploit it. The issue is fixed in version 0.5.4.
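To make the bypass concrete, the following is an added example in TypeScript, written for this page; it is not PromptHub's remote-http.ts, and the function names (naiveIsPrivateIPv6, isBlockedDestination, expandIPv6), the blocked-range list and the test addresses are the editor's assumptions. The naive check compares a few spellings as text, so the uncompressed loopback 0:0:0:0:0:0:0:1 and the hex IPv4-mapped ::ffff:7f00:1 pass it. The hardened check expands the literal to its eight 16-bit groups, unwraps IPv4-mapped and IPv4-compatible forms, and decides on the numeric value. It goes beyond the advisory by also handling square brackets, a %zone suffix, embedded dotted quads and malformed input, which it blocks.

```typescript
// Added example, not PromptHub's code: a naive IPv6 "private address" check of
// the kind the advisory describes, beside a hardened check that canonicalises
// the literal before deciding. All names and the range list are the editor's.

type Groups = [number, number, number, number, number, number, number, number];

// [network, prefix length]: IPv4 ranges a server-side fetch should never reach.
const IPV4_BLOCKED: Array<[number, number]> = [
  [0x00000000, 8],  // 0.0.0.0/8 (0.0.0.0 reaches localhost on Linux)
  [0x0a000000, 8],  // 10.0.0.0/8
  [0x7f000000, 8],  // 127.0.0.0/8 loopback
  [0xa9fe0000, 16], // 169.254.0.0/16 link-local, home of cloud metadata services
  [0xac100000, 12], // 172.16.0.0/12
  [0xc0a80000, 16], // 192.168.0.0/16
];

// Strict dotted decimal only; octal, hex and short forms are rejected, not guessed.
function parseIPv4(s: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  let v = 0;
  for (let i = 1; i <= 4; i++) {
    const octet = Number(m[i]);
    if (octet > 255) return null;
    v = v * 256 + octet;
  }
  return v; // unsigned 32-bit value held in a JS number
}

function isBlockedIPv4(addr: number): boolean {
  // Integer division rather than >> so 32-bit sign issues cannot bite.
  return IPV4_BLOCKED.some(([net, bits]) => {
    const unit = Math.pow(2, 32 - bits);
    return Math.floor(addr / unit) === Math.floor(net / unit);
  });
}

// Expand any textual IPv6 form to eight 16-bit groups, or null if malformed.
// Accepts "::" compression, unpadded groups, [brackets], a "%zone" suffix and
// a trailing embedded dotted quad such as "::ffff:127.0.0.1".
function expandIPv6(input: string): Groups | null {
  let s = input.trim().replace(/^\[(.*)\]$/, '$1').replace(/%.*$/, '');
  if (!/^[0-9a-fA-F:.]+$/.test(s)) return null;
  if (s.indexOf('.') !== -1) {
    const cut = s.lastIndexOf(':') + 1;
    const v4 = parseIPv4(s.slice(cut));
    if (v4 === null) return null;
    s = s.slice(0, cut) + (v4 >>> 16).toString(16) + ':' + (v4 & 0xffff).toString(16);
  }
  const halves = s.split('::');
  if (halves.length > 2) return null;
  const toGroups = (part: string): number[] | null => {
    if (part === '') return [];
    const out: number[] = [];
    for (const g of part.split(':')) {
      if (!/^[0-9a-fA-F]{1,4}$/.test(g)) return null;
      out.push(parseInt(g, 16));
    }
    return out;
  };
  const [left = '', right = ''] = halves;
  const head = toGroups(left);
  const tail = toGroups(right);
  if (head === null || tail === null) return null;
  if (halves.length === 1) return head.length === 8 ? (head as Groups) : null;
  const missing = 8 - head.length - tail.length;
  if (missing < 1) return null; // "::" must stand for at least one zero group
  const zeros: number[] = [];
  for (let i = 0; i < missing; i++) zeros.push(0);
  return head.concat(zeros, tail) as Groups;
}

// Constructed naive check: a handful of spellings compared as text. Every
// spelling the author did not enumerate passes, which is the bypass class
// the advisory describes.
function naiveIsPrivateIPv6(host: string): boolean {
  const h = host.toLowerCase();
  return h === '::1' || /^(fe80:|fc|fd)/.test(h);
}

// Hardened check: parse, canonicalise, unwrap embedded IPv4, decide on the
// numeric value. Unparseable input is blocked (fail closed). Callers must
// resolve hostnames first and pass every resolved address through here.
function isBlockedDestination(host: string): boolean {
  const v4 = parseIPv4(host.replace(/^\[(.*)\]$/, '$1'));
  if (v4 !== null) return isBlockedIPv4(v4);
  const g = expandIPv6(host);
  if (g === null) return true;
  const zeroPrefix = g[0] === 0 && g[1] === 0 && g[2] === 0 && g[3] === 0 && g[4] === 0;
  const embedded = g[6] * 0x10000 + g[7];
  if (zeroPrefix && g[5] === 0xffff) return isBlockedIPv4(embedded); // ::ffff:a.b.c.d, IPv4-mapped
  if (zeroPrefix && g[5] === 0 && embedded > 1) return isBlockedIPv4(embedded); // ::a.b.c.d, deprecated IPv4-compatible
  if (zeroPrefix && g[5] === 0) return true;   // :: (unspecified) and ::1 (loopback)
  if ((g[0] & 0xffc0) === 0xfe80) return true; // fe80::/10 link-local
  if ((g[0] & 0xfe00) === 0xfc00) return true; // fc00::/7 unique local
  return false;
}
```

A literal check like isBlockedDestination is only one layer of an SSRF defence: hostnames must be resolved and every returned address checked, each redirect target re-checked, and the connection made to the address that was checked so that DNS rebinding between check and connect cannot swap in an internal target.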

The vulnerability carries a CVSS v3.1 base score of 7.1 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N: network attack vector, low attack complexity, low privileges required (any account), no user interaction, unchanged scope, high confidentiality impact and low integrity impact. The high confidentiality impact follows from the endpoint reflecting the fetched body: this is a full-read SSRF against internal services, not a blind one. The weaknesses assigned are CWE-20 (Improper Input Validation), CWE-693 (Protection Mechanism Failure) and CWE-918 (Server-Side Request Forgery).

What This Means For You

  • If your organization uses PromptHub, check the deployed version now and upgrade to 0.5.4 or later, which remediates CVE-2026-42261. Deployments with `ALLOW_REGISTRATION=true` expose the SSRF to anyone on the internet who can register an account, so treat them as critical; if you cannot patch immediately, disable open registration so only existing accounts can reach the endpoint. If you ran an affected version, review the PromptHub host's outbound connections for requests to loopback, RFC1918 or link-local destinations (including cloud metadata endpoints) and for unexpected data retrieval from internal services.

🛡️ Detection Rules

The detection rules on this page are auto-generated for this advisory and mapped to MITRE ATT&CK; the one reproduced below is a generic HTTP beaconing rule (a single source IP making more than 50 POSTs to a domain) and does not detect the SSRF itself. Exploitation of CVE-2026-42261 shows up on the PromptHub server, not on client endpoints: look for outbound connections from that host to loopback, RFC1918 or link-local destinations, and for fetch-remote requests whose URL host is an IPv6 literal.

Level: medium · ATT&CK T1071.001 (Command and Control)

Sigma YAML:
title: C2 Beacon Detection — HTTP to Suspicious Domain
id: scw-2026-05-08-1
status: experimental
level: medium
description: |
  Detects high-frequency HTTP POST beaconing from one client to the placeholder domain target.local. Generic beaconing rule; it does not detect the SSRF in CVE-2026-42261 itself. Replace target.local with the domain under investigation.
author: SCW Feed Engine (auto-generated)
date: 2026-05-08
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-42261/
tags:
  - attack.command_and_control
  - attack.t1071.001
logsource:
  category: proxy
detection:
  selection:
    dst_domain|endswith:
      - 'target.local'
    cs-method: 'POST'
  condition: selection | count() by src_ip > 50
falsepositives:
  - Legitimate high-volume POST traffic from a single client to hosts under target.local

Source: Shimi's Cyber World

Indicators of Compromise

ID              Type           Indicator
CVE-2026-42261  SSRF           PromptHub versions 0.4.9 to before 0.5.4
CVE-2026-42261  SSRF           Vulnerable endpoint: POST /api/skills/fetch-remote in apps/web/src/routes/skills.ts
CVE-2026-42261  SSRF           Bypass of the isPrivateIPv6 check in apps/web/src/utils/remote-http.ts using alternate IPv6 representations
CVE-2026-42261  Preconditions  Any authenticated user (role: user or admin) can trigger the SSRF; with ALLOW_REGISTRATION=true, any internet user can register and trigger it.
Source & Attribution

Source platform: NVD
Channel: National Vulnerability Database
Published: May 08, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
