diff --git a/changelog/14487.txt b/changelog/14487.txt
new file mode 100644
index 000000000..b7e9969cc
--- /dev/null
+++ b/changelog/14487.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+sdk/cidrutil: Only check if cidr contains remote address for IP addresses
+```
\ No newline at end of file
diff --git a/sdk/helper/cidrutil/cidr.go b/sdk/helper/cidrutil/cidr.go
index 33c9a1614..7e48c2be5 100644
--- a/sdk/helper/cidrutil/cidr.go
+++ b/sdk/helper/cidrutil/cidr.go
@@ -10,6 +10,10 @@ import (
 sockaddr "github.com/hashicorp/go-sockaddr"
 )
 
+func isIPAddr(cidr sockaddr.SockAddr) bool {
+ return (cidr.Type() & sockaddr.TypeIP) != 0
+}
+
 // RemoteAddrIsOk checks if the given remote address is either:
 // - OK because there's no CIDR whitelist
 // - OK because it's in the CIDR whitelist
@@ -24,7 +28,7 @@ func RemoteAddrIsOk(remoteAddr string, boundCIDRs []*sockaddr.SockAddrMarshaler)
 return false
 }
 for _, cidr := range boundCIDRs {
- if cidr.Contains(remoteSockAddr) {
+ if isIPAddr(cidr) && cidr.Contains(remoteSockAddr) {
 // Whitelisted.
 return true
 }
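Review bot: The new helper isIPAddr in sdk/helper/cidrutil/cidr.go has no doc comment and names its parameter `cidr` although it accepts any sockaddr.SockAddr, which hides that it decides which bound entries the allowlist check will consider at all. I would add `// isIPAddr reports whether sa has any sockaddr.TypeIP bit set; other address types are not IP networks.` and rename the parameter to `sa`. The helper also calls `cidr.Type()` unconditionally, so a nil entry would presumably panic here rather than at Contains; whether callers can ever pass one is not visible in this hunk.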
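Review bot: In the loop of RemoteAddrIsOk, bound entries that are not IP-typed are now skipped silently, so a bound list made up only of such entries falls through to whatever the function returns after the loop; that return is outside this hunk and should be confirmed to deny. A short why-comment above the condition would help the next reader, for example `// Only IP entries can contain a remote IP; skip any other sockaddr type.`. The visible diff adds no test, so a case with a non-IP bound entry that asserts the address is rejected would pin the fail-closed behaviour. If non-IP entries are never valid in a bound list, rejecting them where the list is parsed would surface the misconfiguration instead of ignoring it at request time.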