CVE-2026-47684— Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
Possible ATT&CK Techniques 3AI
T1059 · Command and Scripting Interpreter T1189 · Drive-by Compromise T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-47684
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF protection to be bypassed on dual-stack systems. Version 2.3.0 fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-47684
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-47684
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-47684 (1)
Vendor Pages for CVE-2026-47684 (1)
- 🔗 Release v2.3.0 · Sync-in/server · GitHubx_refsource_MISC
IV. Related Vulnerabilities
Same product: server
- CVE-2026-48165
MariaDB: unsafe usage of `wsrep_sst_receive_address` values - CVE-2026-48163
MariaDB: wsrep SST unsafe parameter handling on the donor si - CVE-2026-44173
MariaDB: FILE privilege was not checked for subqueries in th - CVE-2026-44172
MariaDB: mysql_real_escape_string() incorrectly handled big5 - CVE-2026-44171
MariaDB: path traversal in mbstream
Same weakness: CWE-918
- CVE-2026-49345
Mercator CVE Configuration Vulnerable to Server-Side Request - CVE-2026-12726
Awx: automation-controller: awx: github webhook second-order - CVE-2026-49359
PhpWeasyPrint vulnerable to SSRF and local file disclosure v - CVE-2026-11989
Bit integrations <= 2.8.7 - Unauthenticated Server-Side Requ - CVE-2026-4328
Advanced Import: One-Click Demo Import for WordPress <= 1.4.
V. Comments for CVE-2026-47684
No comments yet