GHSA-96ff-gc8g-wpvg: DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool
Summary
The `fetch_url` tool in DeepSeek TUI blocks direct requests to restricted IP addresses (such as cloud metadata endpoints and private networks) but fails to re-check redirect targets. An attacker can bypass this SSRF protection (SSRF is server-side request forgery, where an AI is tricked into accessing internal systems) by providing a public URL that redirects to a restricted IP, allowing potential theft of cloud credentials and sensitive data on cloud-hosted instances.
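The mitigation for this class of bug is to disable automatic redirect following and run the same destination check on every hop. The sketch below is an added example, not DeepSeek TUI's code: `safe_fetch`, `check_url`, the injected `send` and `resolve` callables, and the `public.example` fixtures are all hypothetical and constructed so the block runs offline.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 5
REDIRECT_CODES = {301, 302, 303, 307, 308}

class BlockedTarget(Exception):
    """Raised when any hop of a fetch points at a restricted destination."""

def is_restricted(ip):
    addr = ipaddress.ip_address(ip)
    addr = getattr(addr, "ipv4_mapped", None) or addr   # unwrap ::ffff:a.b.c.d
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)

def check_url(url, resolve):
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedTarget(f"unsupported URL: {url}")
    for ip in resolve(parts.hostname):
        if is_restricted(ip):
            raise BlockedTarget(f"{url} resolves to restricted {ip}")

def safe_fetch(url, send, resolve):
    """send(url) returns (status, headers, body) and must not follow redirects."""
    for _ in range(MAX_REDIRECTS + 1):
        check_url(url, resolve)            # runs for every hop, not only the first
        status, headers, body = send(url)
        location = headers.get("Location")
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)   # relative Location values are allowed
            continue
        return status, body
    raise BlockedTarget("too many redirects")

# Constructed offline fixtures (hypothetical hosts, no network access).
FAKE_DNS = {"public.example": ["93.184.216.34"]}
FAKE_SITE = {
    "http://public.example/ok": (200, {}, "hello"),
    "http://public.example/moved": (302, {"Location": "/ok"}, ""),
    "http://public.example/evil": (302, {"Location": "http://169.254.169.254/"}, ""),
    "http://169.254.169.254/": (200, {}, "constructed-metadata-body"),
}
SENT = []  # every URL actually requested, for inspection

def fake_resolve(host):
    return FAKE_DNS.get(host, [host])      # IP literals resolve to themselves
def fake_send(url):
    SENT.append(url)
    return FAKE_SITE[url]
```

In a real client the connection should be made to the address that was validated, since a second DNS lookup at connect time can return a different IP than the one checked.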
Vulnerability Details
EPSS: 0.0%
Yes
May 14, 2026
Original source: https://github.com/advisories/GHSA-96ff-gc8g-wpvg
First tracked: May 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%