Vulnetix
Try Vulnetix Request Demo
CVE-2026-30827 PUBLISHED CVSS 7.5 HIGH

express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network

EPSS 0.02% · 4.4th percentile

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.02%
4.4th percentile

Affected Products

VendorProductVersions
AWSconnect
npmexpress-rate-limit8.0.0, 8.2.0, 8.1.0
express-rate-limitexpress-rate-limit>= 8.1.0, < 8.1.1, >= 8.0.0, < 8.0.2, >= 8.1.0, < 8.1.1
express-rate-limit_projectexpress-rate-limit8.2.0, 8.1.0, 8.0.0

Timeline

References

Open in Interactive Console →