GHSA-794r-5rp2-fpg8: flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf
Summary
The flyto-core library has a security flaw in its SSRF protection (SSRF is server-side request forgery, where an attacker tricks a server into making requests to internal systems). The protection checks if a URL points to a private IP address, but it only recognizes standard private IP formats and misses special IPv6 transition address forms (formats that embed IPv4 addresses like ::ffff:127.0.0.1). An attacker who can write workflows can use these alternate address formats to bypass the protection and access internal services like cloud metadata endpoints, potentially reading sensitive data.
Vulnerability Details
EPSS: 0.0%
Yes
July 6, 2026
Classification
Taxonomy References
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-794r-5rp2-fpg8
First tracked: July 6, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%