CVE-2026-49859 Overview
CVE-2026-49859 affects the Deno JavaScript, TypeScript, and WebAssembly runtime prior to version 2.8.1. The vulnerability allows an attacker-controlled script to bypass the --deny-net network permission flag by leveraging DNS resolution behavior. When fetch() is called, Deno validates the destination hostname against the deny-net rules but does not re-check the IP addresses that hostname resolves to. A specially crafted domain name therefore passes the hostname-based check yet resolves to a denied IP, bypassing the network restriction. The flaw is classified under [CWE-693] Protection Mechanism Failure and is resolved in Deno 2.8.1.
Critical Impact
Untrusted Deno scripts can reach network destinations that operators explicitly denied, enabling access to internal services and bypassing sandbox boundaries intended to contain script behavior.
Affected Products
- Deno runtime versions prior to 2.8.1
- Applications relying on --deny-net permission flags for network sandboxing
- Deno-based serverless and edge workloads enforcing network egress restrictions
Discovery Timeline
- 2026-06-23 - CVE-2026-49859 published to NVD
- 2026-06-24 - Last updated in NVD database
Technical Details for CVE-2026-49859
Vulnerability Analysis
Deno enforces a capability-based permission model where operators restrict network access using --allow-net and --deny-net flags. The vulnerability exists in the fetch() permission check pipeline. Deno compares the URL hostname against the deny list before performing DNS resolution. The runtime does not validate the resolved IP addresses against the same deny rules after resolution completes. This creates a time-of-check to time-of-use gap between policy evaluation and the actual socket connection.
An attacker who controls authoritative DNS for a domain can return arbitrary IP addresses. The script supplies a hostname not present in the deny list. DNS resolution then returns an IP address that operators specifically intended to block, such as internal RFC1918 ranges or cloud metadata endpoints. The fetch operation proceeds against the denied IP because the IP-level check is missing.
Root Cause
The root cause is incomplete enforcement of the deny-net protection mechanism [CWE-693]. The permission layer treats hostname strings and IP literals as separate inputs without normalizing them through DNS resolution before policy evaluation. Resolution outcomes never feed back into the authorization decision.
Attack Vector
Exploitation requires a low-privilege local actor running an untrusted Deno script with fetch() capability and partial network permissions. The attacker registers or controls a domain whose DNS records resolve to a denied IP address, then issues fetch("https://attacker-domain.example/") from within the sandboxed script. The runtime approves the hostname, resolves it, and connects to the denied destination. Common targets include 169.254.169.254 for cloud metadata services and internal management interfaces on private IP ranges.
No verified public exploit code was available at the time of publication. See the GitHub Security Advisory for vendor technical details.
Detection Methods for CVE-2026-49859
Indicators of Compromise
- Outbound connections from Deno processes to internal IP ranges or cloud metadata endpoints (169.254.169.254, fd00::/8, RFC1918 ranges) that should have been blocked by --deny-net
- DNS queries from Deno workloads resolving external domains to internal or loopback addresses
- Deno processes running versions earlier than 2.8.1 while configured with --deny-net policies
Detection Strategies
- Inventory Deno installations using software composition analysis and flag any binary reporting a version below 2.8.1
- Correlate DNS resolution logs with subsequent TCP connection logs to identify domains resolving to denied IP ranges from Deno hosts
- Alert on Deno child processes initiating connections to cloud metadata services or internal management subnets
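The DNS-to-connection correlation described above, as an added example that is not part of the advisory or of Deno: it joins constructed DNS answer logs with constructed connection logs and flags Deno processes that reached private or metadata ranges, attributing each hit to the external name that resolved there. The log format and field names (host, qname, answer, proc, dst) are assumptions made for this demonstration.

```typescript
// Added example, not from the advisory or Deno: correlates constructed DNS and
// connection log lines to flag Deno processes reaching denied ranges. The log
// format and field names are assumptions made for this demonstration.
interface Finding { host: string; dst: string; qname: string }
// RFC1918, loopback and link-local (covers 169.254.169.254); IPv4 only.
function isSensitiveIp(ip: string): boolean {
  return /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|169\.254\.)/.test(ip);
}

// "ts key=value key=value ..." -> { key: value }
function fields(line: string): Record<string, string> {
  const out: Record<string, string> = {};
  for (const kv of line.split(" ").slice(1)) {
    const i = kv.indexOf("=");
    if (i > 0) out[kv.slice(0, i)] = kv.slice(i + 1);
  }
  return out;
}
function correlate(dnsLines: string[], connLines: string[]): Finding[] {
  // Index DNS answers by "host|ip" so a connection can be tied back to the
  // external name that resolved to the private address.
  const resolved = new Map<string, string>();
  for (const line of dnsLines) {
    const f = fields(line);
    if (f.host && f.qname && f.answer) resolved.set(`${f.host}|${f.answer}`, f.qname);
  }
  const findings: Finding[] = [];
  for (const line of connLines) {
    const f = fields(line);
    if (f.proc !== "deno" || !f.dst) continue;
    const dst = f.dst.split(":")[0];
    if (!isSensitiveIp(dst)) continue;
    // No matching DNS answer still counts: a literal-IP connection to a denied range.
    findings.push({ host: f.host, dst, qname: resolved.get(`${f.host}|${dst}`) ?? "(no DNS answer seen)" });
  }
  return findings;
}

// Constructed sample logs for the demo.
const DNS_LOG = [
  "2026-06-24T10:00:01Z host=edge-7 qname=attacker-domain.example answer=169.254.169.254",
  "2026-06-24T10:00:02Z host=edge-7 qname=api.example answer=203.0.113.10",
  "2026-06-24T10:00:03Z host=edge-9 qname=internal.example answer=10.20.0.5",
];
const CONN_LOG = [
  "2026-06-24T10:00:01Z host=edge-7 proc=deno dst=169.254.169.254:80",
  "2026-06-24T10:00:02Z host=edge-7 proc=deno dst=203.0.113.10:443",
  "2026-06-24T10:00:03Z host=edge-9 proc=curl dst=10.20.0.5:443",
];
```

Running correlate(DNS_LOG, CONN_LOG) yields one finding: edge-7's Deno process reached 169.254.169.254, which attacker-domain.example had just resolved to; the curl connection on edge-9 is ignored because the rule scopes to Deno processes.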
Monitoring Recommendations
- Enable host-based egress logging for runtime processes and forward to a centralized analytics platform
- Track Deno runtime version distribution across development, CI, and production environments
- Monitor authoritative DNS responses for external lookups that map to private address space, a common indicator of DNS rebinding-style abuse
How to Mitigate CVE-2026-49859
Immediate Actions Required
- Upgrade all Deno runtimes to version 2.8.1 or later across development workstations, CI pipelines, and production hosts
- Audit existing --deny-net configurations and confirm enforcement after the upgrade by testing with controlled domains
- Restrict outbound egress at the network layer so denied IP ranges cannot be reached even if runtime permissions fail
Patch Information
The Deno maintainers fixed CVE-2026-49859 in release 2.8.1. The patch re-checks resolved IP addresses against --deny-net rules after DNS resolution and before establishing the connection. Review the GitHub Security Advisory GHSA-cpgj-f7g3-2pp2 for the official fix details and release notes.
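The gap described under Vulnerability Analysis and Root Cause, and the re-check the 2.8.1 patch adds, modelled side by side as an added example that is not Deno's own code: allowedBeforeFix checks only the hostname, allowedAfterFix also checks every resolved address against the same rules before connecting. The rule syntax, the FAKE_DNS resolver table and all function names are assumptions made for this demonstration, and it handles IPv4 only.

```typescript
// Added example, not Deno's code: models the --deny-net check before and after
// the 2.8.1-style fix. Rule syntax, resolver table and names are assumptions (IPv4 only).
type Rule = { kind: "host"; host: string } | { kind: "cidr"; net: number; mask: number };
const IPV4 = /^\d+\.\d+\.\d+\.\d+$/;
function ipv4ToInt(ip: string): number {
  const p = ip.split(".").map(Number);
  if (p.length !== 4 || p.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) {
    throw new Error(`not an IPv4 literal: ${ip}`);
  }
  return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}

// One --deny-net entry is either a hostname or an IPv4 address / CIDR block.
function parseRule(entry: string): Rule {
  const [addr, prefix] = entry.split("/");
  if (!IPV4.test(addr)) return { kind: "host", host: addr.toLowerCase() };
  const bits = prefix === undefined ? 32 : Number(prefix);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return { kind: "cidr", net: (ipv4ToInt(addr) & mask) >>> 0, mask };
}
function ipDenied(ip: string, rules: Rule[]): boolean {
  const n = ipv4ToInt(ip);
  return rules.some((r) => r.kind === "cidr" && ((n & r.mask) >>> 0) === r.net);
}
function hostDenied(host: string, rules: Rule[]): boolean {
  const h = host.toLowerCase();
  if (IPV4.test(h)) return ipDenied(h, rules); // URL carried an IP literal
  return rules.some((r) => r.kind === "host" && r.host === h);
}

// Constructed stand-in for DNS: the attacker-controlled zone answers with a
// cloud metadata address the operator meant to deny.
const FAKE_DNS: Record<string, string[]> = {
  "attacker-domain.example": ["169.254.169.254"],
  "api.example": ["203.0.113.10"],
};
// Pre-2.8.1 behaviour as the advisory describes it: hostname checked, resolved IPs not.
function allowedBeforeFix(host: string, denyNet: string[]): boolean {
  return !hostDenied(host, denyNet.map(parseRule));
}

// Fixed behaviour: every resolved address is re-checked against the same rules
// after resolution and before any socket is opened.
function allowedAfterFix(host: string, denyNet: string[]): boolean {
  const rules = denyNet.map(parseRule);
  if (hostDenied(host, rules)) return false;
  const addrs = IPV4.test(host) ? [host] : FAKE_DNS[host.toLowerCase()] ?? [];
  return addrs.length > 0 && addrs.every((ip) => !ipDenied(ip, rules));
}
```

With a deny list of ["169.254.169.254", "10.0.0.0/8", "internal.example"], allowedBeforeFix("attacker-domain.example") returns true while allowedAfterFix returns false, which is exactly the difference the patch introduces.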
Workarounds
- Enforce egress filtering with host firewalls or cloud security groups to block traffic to sensitive internal ranges regardless of runtime policy
- Run Deno workloads inside network namespaces or containers that cannot route to internal management networks or metadata endpoints
- Pin DNS resolution to internal resolvers that refuse to return private addresses for external domains, mitigating DNS-based bypass techniques
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.