HomeCVE Intelligence › CVE-2026-55787
CVSS 7.1 HIGH Vulnerability

CVE-2026-55787: flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT6…

Summary flyto-core's SSRF protection (validate_url_ssrf / is_private_ip in src/core/utils.py) blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRI…

7.1CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-55787
Vendorpip
Affected Productflyto-core
Vulnerability TypeVulnerability
CVSS Score7.1 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Summary flyto-core's SSRF protection (validate_url_ssrf / is_private_ip in src/core/utils.py) blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATE_IP_RANGES list. That list contains only the *native* RFC 1918 / loopback / link-local / unique-local ranges. It does not account for IPv6 transition address forms that embed an IPv4 (or loopback) target: - IPv4-mapped ::ffff:a.b.c.d

• IPv4-compatible ::a.b.c.d
• 6to4 2002::/16
• NAT64 well-known prefix 64:ff9b::/96 and local-use 64:ff9b:1::/48 A workflow author can submit a URL with a literal transition-form host (for example http://[::ffff:127.0.0.1]:8080/... or http://[64:ff9b::a9fe:a9fe]/latest/meta-data/). is_private_ip() returns `Fa

🎯 Known Indicators of Compromise

{"type":"url","value":"http://[::ffff:127.0.0.1]:8080/...`","confidence_score":0.82,"first_seen":"2026-07-06","source_count":1} {"type":"url","value":"http://[64:ff9b::a9fe:a9fe]/latest/meta-data/`).","confidence_score":0.82,"first_seen":"2026-07-06","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-55787 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence