10 matches found
PT-2026-50129
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678...
CC-Tweaked has an SSRF Protection Bypass with NAT64
Summary CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can...
CC-Tweaked has an SSRF Protection Bypass with NAT64
CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...
CC-Tweaked has an SSRF Protection Bypass with NAT64
CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...
CC-Tweaked has an SSRF Protection Bypass with NAT64
CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...
PT-2026-45014
Name of the Vulnerable Software and Affected Versions Gotenberg affected versions not specified Description An unauthenticated attacker can bypass the SSRF deny-list by using a crafted DNS AAAA record. The IsPublicIP function in pkg/gotenberg/outbound.go incorrectly classifies certain IPv6...
CVE-2026-44430 MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...
CVE-2026-8369 Improper Input Validation in OpenThread NAT64 Translator
Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options...
The vulnerability affects the implementation of NAT64 technology for Juniper Networks’ MS-MIC and MS-MPC routers, as well as Junos OS-based MX routers. This allows attackers to cause service interruptions.
The vulnerability of NAT64 technology implemented in Juniper Networks’ MS-MIC and MS-MPC routers for Junos OS operating systems is related to incorrect calculation of buffer size when processing IPv6 and IPv4 packets. Exploiting this vulnerability allows a malicious actor to cause service failure...
Juniper Networks Junos OS MX Denial of Service Vulnerability
Juniper Networks Junos OS is a set of network operating systems dedicated to the company's hardware devices. A memory disclosure vulnerability exists in Juniper Networks Junos OS MX Handling NAT64 IPv6, which can be exploited by a remote attacker to submit a special request, which can be used in ...