HIGH
Sync-in
CVE published 2026-06-16
CVE-2026-47684
CVE-2026-47684 is a HIGH severity vulnerability in Sync-in Server, a secure, open-source platform for file storage, sharing, collaboration, and syncing. The bug allows for SSRF protection bypass on dual-stack systems due to a flawed private IP blocklist regex used in the URL download feature, which fails to match IPv4-mapped IPv6 addresses. This issue was fixed in version 2.3.0.