GHSA-m5x5-28jr-gpjj: pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs
pyload-ng contains a Server-Side Request Forgery (SSRF) vulnerability due to improper validation of IPv6 6to4 and NAT64 transition addresses. The vulnerability arises because the function is_global_address relies on Python's ipaddress.ip_address(value).is_global property, which incorrectly classifies certain IPv6 transition prefixes as globally routable. This allows attackers to bypass SSRF protections and reach internal IPv4 endpoints embedded within these IPv6 addresses. Exploitation requires network conditions that route 6to4 or NAT64 traffic and privileges to add links in pyload-ng. The vulnerability is rated medium severity with a CVSS score of 4.7.
AI Analysis
Technical Summary
The SSRF guard in pyload-ng uses the is_global_address function to block non-globally routable IPs, relying on Python's ipaddress.ip_address(value).is_global property. However, this property incorrectly returns True for IPv6 6to4 (2002::/16) and NAT64 (64:ff9b::/96) transition prefixes, which encapsulate internal IPv4 addresses. As a result, pyload-ng's SSRF protections can be bypassed by supplying IPv6 literals or AAAA DNS records that map to internal IPv4 addresses via these transition mechanisms. This leads to potential internal network reconnaissance and limited data exfiltration, such as cloud metadata access. The vulnerability affects pyload-ng versions from the introduction of is_global_address/is_global_host up to an unspecified fixed version. Exploitation requires the host network to route 6to4 or NAT64 traffic and privileges to add links (Perms.ADD).
Potential Impact
An attacker with limited privileges (Perms.ADD) can bypass SSRF protections in pyload-ng by exploiting the incorrect classification of IPv6 6to4 and NAT64 transition addresses as globally routable. This enables internal network reconnaissance and timing-based confirmation of internal endpoints, including potential exfiltration of cloud metadata services. The impact is limited to confidentiality and availability with no direct integrity impact. Exploitation requires specific network routing conditions (6to4 or NAT64) and is rated medium severity (CVSS 4.7).
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should be aware that SSRF protections relying on is_global_address may be bypassed via IPv6 transition addresses. Restricting or monitoring the use of IPv6 6to4 and NAT64 prefixes in network configurations and DNS records may reduce risk. Avoid running pyload-ng on Python versions 3.9 through 3.11 where 6to4 is classified as global. Follow vendor updates for official fixes.
GHSA-m5x5-28jr-gpjj: pyLoad: SSRF guard bypass via IPv6 6to4/NAT64 transition wrappers of internal IPs
Description
pyload-ng contains a Server-Side Request Forgery (SSRF) vulnerability due to improper validation of IPv6 6to4 and NAT64 transition addresses. The vulnerability arises because the function is_global_address relies on Python's ipaddress.ip_address(value).is_global property, which incorrectly classifies certain IPv6 transition prefixes as globally routable. This allows attackers to bypass SSRF protections and reach internal IPv4 endpoints embedded within these IPv6 addresses. Exploitation requires network conditions that route 6to4 or NAT64 traffic and privileges to add links in pyload-ng. The vulnerability is rated medium severity with a CVSS score of 4.7.
CVSS v3.1
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The SSRF guard in pyload-ng uses the is_global_address function to block non-globally routable IPs, relying on Python's ipaddress.ip_address(value).is_global property. However, this property incorrectly returns True for IPv6 6to4 (2002::/16) and NAT64 (64:ff9b::/96) transition prefixes, which encapsulate internal IPv4 addresses. As a result, pyload-ng's SSRF protections can be bypassed by supplying IPv6 literals or AAAA DNS records that map to internal IPv4 addresses via these transition mechanisms. This leads to potential internal network reconnaissance and limited data exfiltration, such as cloud metadata access. The vulnerability affects pyload-ng versions from the introduction of is_global_address/is_global_host up to an unspecified fixed version. Exploitation requires the host network to route 6to4 or NAT64 traffic and privileges to add links (Perms.ADD).
Potential Impact
An attacker with limited privileges (Perms.ADD) can bypass SSRF protections in pyload-ng by exploiting the incorrect classification of IPv6 6to4 and NAT64 transition addresses as globally routable. This enables internal network reconnaissance and timing-based confirmation of internal endpoints, including potential exfiltration of cloud metadata services. The impact is limited to confidentiality and availability with no direct integrity impact. Exploitation requires specific network routing conditions (6to4 or NAT64) and is rated medium severity (CVSS 4.7).
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should be aware that SSRF protections relying on is_global_address may be bypassed via IPv6 transition addresses. Restricting or monitoring the use of IPv6 6to4 and NAT64 prefixes in network configurations and DNS records may reduce risk. Avoid running pyload-ng on Python versions 3.9 through 3.11 where 6to4 is classified as global. Follow vendor updates for official fixes.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-m5x5-28jr-gpjj
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-48737"]
- Ecosystems
- ["PyPI"]
- Database Specific Severity
- MODERATE
- Cvss Version
- 3.1
Threat ID: 6a4fa9a168715ace437d3e27
Added to database: 07/09/2026, 14:01:05 UTC
Last enriched: 07/09/2026, 14:03:08 UTC
Last updated: 07/09/2026, 18:16:55 UTC
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.