13 matches found
CVE-2026-55187 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)
Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...
EUVD-2026-37512
pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses incomplete fix of CVE-2026-46678...
CVE-2026-53754
CVE-2026-53754 affects Crawl4AI prior to version 0.8.8. The Docker API server’s SSRF protection (validate_webhook_url/validate_url_destination) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families, allowing an unauthenticated attacker to reach internal services and cloud...
CVE-2026-48782
CVE-2026-48782 affects Pydantic AI (versions 1.56.0–1.101.0, 2.0.0b1, 2.0.0b2) where the cloud-metadata blocklist can be bypassed by IPv6 transition forms that previous fixes did not decode. The IPv6 forms bypassing the blocklist can expose cloud IAM short-term credentials when an app uses force_...
Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...
GHSA-4QQR-VV2Q-CMR5 Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...
PT-2026-50129
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678...
Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite the...
Server-side Request Forgery (SSRF)
Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. The NoPrivateNetworkHttpClient is designed to be a security boundary that blocks requests to private/interna...
CVE-2026-44430
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...
dns/bind9* -- servers using DNS64 can be crashed by a crafted query
ISC reports: BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a...
CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
More info at https://symfony.com/cve-2026-48736...
CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
More info at https://symfony.com/cve-2026-48736...