{"data":{"id":"bcdb4f23-299a-410f-a9e7-1e48dbd2cebc","title":"GHSA-794r-5rp2-fpg8: flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf","summary":"The flyto-core library has a security flaw in its SSRF protection (SSRF is server-side request forgery, where an attacker tricks a server into making requests to internal systems). The protection checks if a URL points to a private IP address, but it only recognizes standard private IP formats and misses special IPv6 transition address forms (formats that embed IPv4 addresses like ::ffff:127.0.0.1). An attacker who can write workflows can use these alternate address formats to bypass the protection and access internal services like cloud metadata endpoints, potentially reading sensitive data.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-794r-5rp2-fpg8","publishedAt":"2026-07-06T17:30:34.000Z","cveId":"CVE-2026-55787","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["flyto-core@<= 2.26.2 (fixed: 2.26.3)"],"affectedVendors":[],"affectedVendorsRaw":["flyto-core"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-06T17:30:34.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}