GHSA-794r-5rp2-fpg8: flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf
flyto-core contains a Server-Side Request Forgery (SSRF) vulnerability in its URL validation logic that allows bypass of SSRF protections via IPv6 transition addresses embedding IPv4 or loopback addresses. The SSRF guard only checks native IPv4 private ranges and does not recognize IPv6 transition forms such as IPv4-mapped (::ffff:a.b.c.d), 6to4 (2002::/16), or NAT64 (64:ff9b::/96) addresses. This allows an authenticated workflow author to submit URLs that bypass the guard and trigger outbound HTTP requests to internal or metadata services, with the response body returned to the attacker. This vulnerability affects flyto-core versions prior to 2.26.3 and is classified as CWE-918.
AI Analysis
Technical Summary
flyto-core's SSRF protection in validate_url_ssrf relies on checking resolved IP addresses against a hardcoded list of native private IP ranges. However, it does not account for IPv6 transition address formats that embed IPv4 addresses, such as IPv4-mapped (::ffff:a.b.c.d), IPv4-compatible (::a.b.c.d), 6to4 (2002::/16), and NAT64 prefixes (64:ff9b::/96). Because the is_private_ip() function tests only direct membership in PRIVATE_IP_RANGES without unwrapping these IPv6 transition forms, requests to internal or metadata endpoints using these IPv6 forms bypass the SSRF guard. An authenticated workflow author can craft URLs with these IPv6 transition addresses to perform read SSRF attacks, exfiltrating data from internal services including cloud instance metadata endpoints and loopback or RFC1918 addresses on dual-stack hosts. The vulnerability affects the http.get atomic module and several sibling modules that share the same SSRF guard. The vulnerability is tracked as CVE-2026-55787 and affects flyto-core versions before 2.26.3.
Potential Impact
An authenticated user able to author and execute workflows can bypass the SSRF protection and make authenticated outbound HTTP GET requests to internal-only destinations that should be blocked, such as cloud instance metadata services (e.g., 169.254.169.254) and internal network services on loopback or RFC1918 addresses. The response body from these internal services is returned to the attacker, enabling data exfiltration. This compromises confidentiality of sensitive internal resources and credentials accessible via metadata services. The vulnerability is a read SSRF (CWE-918) with medium-high severity and requires workflow author privileges.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should restrict or audit workflow authorship privileges to trusted users only. Avoid allowing untrusted workflow authors to submit URLs that could exploit this SSRF bypass. Monitor vendor communications for an official patch or update that expands the SSRF guard to properly detect IPv6 transition addresses embedding private IPv4 addresses.
GHSA-794r-5rp2-fpg8: flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf
Description
flyto-core contains a Server-Side Request Forgery (SSRF) vulnerability in its URL validation logic that allows bypass of SSRF protections via IPv6 transition addresses embedding IPv4 or loopback addresses. The SSRF guard only checks native IPv4 private ranges and does not recognize IPv6 transition forms such as IPv4-mapped (::ffff:a.b.c.d), 6to4 (2002::/16), or NAT64 (64:ff9b::/96) addresses. This allows an authenticated workflow author to submit URLs that bypass the guard and trigger outbound HTTP requests to internal or metadata services, with the response body returned to the attacker. This vulnerability affects flyto-core versions prior to 2.26.3 and is classified as CWE-918.
CVSS v3.1
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
flyto-core's SSRF protection in validate_url_ssrf relies on checking resolved IP addresses against a hardcoded list of native private IP ranges. However, it does not account for IPv6 transition address formats that embed IPv4 addresses, such as IPv4-mapped (::ffff:a.b.c.d), IPv4-compatible (::a.b.c.d), 6to4 (2002::/16), and NAT64 prefixes (64:ff9b::/96). Because the is_private_ip() function tests only direct membership in PRIVATE_IP_RANGES without unwrapping these IPv6 transition forms, requests to internal or metadata endpoints using these IPv6 forms bypass the SSRF guard. An authenticated workflow author can craft URLs with these IPv6 transition addresses to perform read SSRF attacks, exfiltrating data from internal services including cloud instance metadata endpoints and loopback or RFC1918 addresses on dual-stack hosts. The vulnerability affects the http.get atomic module and several sibling modules that share the same SSRF guard. The vulnerability is tracked as CVE-2026-55787 and affects flyto-core versions before 2.26.3.
Potential Impact
An authenticated user able to author and execute workflows can bypass the SSRF protection and make authenticated outbound HTTP GET requests to internal-only destinations that should be blocked, such as cloud instance metadata services (e.g., 169.254.169.254) and internal network services on loopback or RFC1918 addresses. The response body from these internal services is returned to the attacker, enabling data exfiltration. This compromises confidentiality of sensitive internal resources and credentials accessible via metadata services. The vulnerability is a read SSRF (CWE-918) with medium-high severity and requires workflow author privileges.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should restrict or audit workflow authorship privileges to trusted users only. Avoid allowing untrusted workflow authors to submit URLs that could exploit this SSRF bypass. Monitor vendor communications for an official patch or update that expands the SSRF guard to properly detect IPv6 transition addresses embedding private IPv4 addresses.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-794r-5rp2-fpg8
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-55787"]
- Ecosystems
- ["PyPI"]
- Database Specific Severity
- HIGH
- Cvss Version
- 3.1
Threat ID: 6a4c345427e9c797195fe14f
Added to database: 07/06/2026, 23:03:48 UTC
Last enriched: 07/06/2026, 23:36:36 UTC
Last updated: 07/06/2026, 23:36:36 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.