GHSA-vgrc-hq28-p3xp: Hysteria has an authenticated UDP ACL bypass that enables localhost and private-network UDP SSRF
Hysteria's UDP relay implementation contains an authenticated UDP ACL bypass vulnerability. The server applies ACL and outbound policy only once per UDP session at session creation, but later packets within the same session can specify different destinations without re-evaluating ACL rules. This allows an authenticated client to send UDP packets to localhost or private network addresses that should be blocked by ACL, potentially exposing internal UDP services. The issue affects versions from 2.0.0 up to but not including 2.9.2. No patch or official fix is currently documented.
AI Analysis
Technical Summary
Hysteria's UDP relay treats destination addresses as packet-scoped, but ACL and outbound authorization are applied only once at session creation. An authenticated client can open a UDP session with an allowed first destination, then reuse the same session to send packets to destinations that ACL should reject, such as localhost (127.0.0.1) or RFC1918 private network addresses. This bypasses server-side UDP ACL rules, breaking the intended UDP egress restrictions. The vulnerability was verified on the current HEAD at commit 64c396385631579598cc29d5561bff98c439772f and affects versions >=2.0.0 <2.9.2. The root cause is that authorization is session-scoped while destination selection is packet-scoped, allowing later packets to bypass ACL checks.
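To make the root cause concrete, the following hypothetical Go relay (an added illustration, not Hysteria's own code) places the flawed session-scoped check beside the per-packet check that closes the gap; the `Relay`, `Packet` and `DenyInternal` names and the constructed ACL are assumptions.

```go
package main

import "net"

// Policy decides whether the relay may send to a destination IP.
type Policy func(ip net.IP) bool

// DenyInternal is a constructed ACL: block loopback, private, link-local and unspecified addresses.
func DenyInternal(ip net.IP) bool {
	return !(ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified())
}

// Packet is a simplified relay datagram: each one names its own destination.
type Packet struct {
	Session uint32
	Dest    string // "host:port"
}

// Relay is a hypothetical stand-in for the server side, not Hysteria's code.
type Relay struct {
	policy   Policy
	sessions map[uint32]bool // session id -> decision taken at creation
}

func NewRelay(p Policy) *Relay { return &Relay{policy: p, sessions: map[uint32]bool{}} }

func (r *Relay) allowed(dest string) bool {
	host, _, err := net.SplitHostPort(dest)
	if err != nil {
		return false // never forward on a malformed destination
	}
	ip := net.ParseIP(host)
	return ip != nil && r.policy(ip)
}

// ForwardSessionScoped reproduces the flawed pattern: the ACL runs once per session,
// and later packets inherit that decision regardless of their Dest.
func (r *Relay) ForwardSessionScoped(p Packet) bool {
	if ok, seen := r.sessions[p.Session]; seen {
		return ok
	}
	ok := r.allowed(p.Dest)
	r.sessions[p.Session] = ok
	return ok
}

// ForwardPacketScoped is the hardened pattern: authorization is re-evaluated per packet.
func (r *Relay) ForwardPacketScoped(p Packet) bool {
	return r.allowed(p.Dest)
}
```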
Potential Impact
Authenticated users allowed to use the UDP relay can bypass ACL restrictions to reach internal UDP services on localhost or private network addresses from the server's perspective. This can expose sensitive internal services such as DNS resolvers, service discovery endpoints, telemetry listeners, local administrative daemons, and application-specific UDP services intended to be accessible only internally. The ACL-based UDP egress security boundary is effectively broken for these users.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, operators should be aware that ACL rules may be bypassed for UDP destinations within the same session. Consider restricting authenticated UDP relay usage to trusted clients only or disabling UDP relay if internal UDP services must be protected. Monitor vendor channels for updates and patches addressing this issue.
Technical Details
- GCVE Source: db.gcve.eu
- OSV ID: GHSA-vgrc-hq28-p3xp
- OSV Schema Version: 1.4.0
- Aliases: []
- Ecosystems: ["Go"]
- Database Specific Severity: HIGH
- CVSS Version: 3.1
Threat ID: 6a3ef76e27e9c79719fee9d8
Added to database: 06/26/2026, 22:04:30 UTC
Last enriched: 06/26/2026, 22:09:40 UTC
Last updated: 06/26/2026, 22:09:40 UTC