flytohub/flyto-core

v2.26.3 Security

This release includes one security fix; it is relevant to teams reviewing Internet-exposed deployments.

Published 4d ago. Patches one GitHub security advisory (GHSA-794r-5rp2-fpg8); no CVE identifier is listed for it on this page.

Topics

ai-agents ai-tools atomic-modules automation browser-automation execution-engine llm low-code mcp mcp-server model-context-protocol playwright python rpa security web-scraping workflow-automation workflow-engine

Affected surfaces

rce_ssrf (site tag; the advisory itself describes an SSRF guard bypass, not code execution)

ReleasePort's take

Moderate signal
editorial:auto 4d

GHSA-794r-5rp2-fpg8 fixes an SSRF guard bypass via IPv6 transition addresses in the is_private_ip() function.

Why it matters: the fix closes an SSRF guard bypass in the handling of IPv6 transition addresses, which this page rates high severity (score 95); operators of exposed deployments should upgrade to v2.26.3 promptly.

Changes in this release

Security Critical

Fixes SSRF guard bypass via IPv6 transition addresses in is_private_ip()

Source: llm_adapter@2026-05-30

Confidence: high

Full changelog

Security patch — GHSA-794r-5rp2-fpg8

Fixes an SSRF guard bypass via IPv6 transition addresses (IPv4-mapped, IPv4-compatible, 6to4, NAT64). is_private_ip() now unwraps these transition forms via _extract_embedded_ipv4() and range-checks the embedded IPv4, so hosts like ::ffff:127.0.0.1 or 64:ff9b::a9fe:a9fe (NAT64 encoding of 169.254.169.254) are correctly treated as private/internal. Public IPv4 embedded in a transition form stays allowed.

  • Advisory: https://github.com/flytohub/flyto-core/security/advisories/GHSA-794r-5rp2-fpg8
  • Affected: <= 2.26.2 · Patched: 2.26.3
  • Reported by: @tonghuaroot
  • Regression tests: tests/core/test_ssrf_ipv6_transition.py
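As an added example, not flyto-core's own code, the guard below reimplements the behaviour the advisory describes using only the standard-library ipaddress module: it unwraps the four transition forms named above (IPv4-mapped, IPv4-compatible, 6to4, NAT64), range-checks the embedded IPv4, and lets a public embedded IPv4 through. The names is_private_ip and extract_embedded_ipv4 are this example's own, the sample hosts are constructed, and the extra 100.64.0.0/10 shared-address-space check goes beyond what the advisory mentions.

```python
"""Added example: unwrap IPv6 transition addresses before an SSRF range check.

Illustrative code written for this page, not flyto-core's own
is_private_ip()/_extract_embedded_ipv4(); it mirrors the behaviour the
advisory describes with only the standard-library ipaddress module.
"""
import ipaddress
from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network
from typing import Optional, Union

# Transition prefixes whose low 32 bits carry an embedded IPv4 address.
NAT64_WELL_KNOWN = IPv6Network("64:ff9b::/96")   # RFC 6052 well-known prefix
IPV4_COMPATIBLE = IPv6Network("::/96")           # deprecated ::a.b.c.d form
# 6to4 (2002::/16, IPv4 in bits 16..47) and ::ffff:a.b.c.d are handled by
# IPv6Address.sixtofour / IPv6Address.ipv4_mapped below.

# Extra IPv4 ranges treated as internal beyond IPv4Address.is_private.
# 100.64.0.0/10 is shared address space (RFC 6598); some clouds serve
# metadata there, so a guard should block it too (assumption for this example).
EXTRA_INTERNAL_V4 = [IPv4Network("100.64.0.0/10")]


def extract_embedded_ipv4(addr: Union[str, IPv6Address]) -> Optional[IPv4Address]:
    """Return the IPv4 address embedded in an IPv6 transition form, else None."""
    addr = IPv6Address(addr) if isinstance(addr, str) else addr
    if addr.ipv4_mapped is not None:             # ::ffff:a.b.c.d
        return addr.ipv4_mapped
    if addr.sixtofour is not None:               # 2002:AABB:CCDD::/48
        return addr.sixtofour
    if addr in NAT64_WELL_KNOWN:                 # 64:ff9b::a.b.c.d
        return IPv4Address(int(addr) & 0xFFFFFFFF)
    # ::a.b.c.d, but :: (unspecified) and ::1 (loopback) are plain IPv6
    if addr in IPV4_COMPATIBLE and int(addr) > 1:
        return IPv4Address(int(addr) & 0xFFFFFFFF)
    return None


def _ipv4_is_internal(v4: IPv4Address) -> bool:
    return (v4.is_private or v4.is_loopback or v4.is_link_local
            or v4.is_multicast or v4.is_reserved or v4.is_unspecified
            or any(v4 in net for net in EXTRA_INTERNAL_V4))


def is_private_ip(host: str) -> bool:
    """SSRF guard: True if host is a non-public IP after unwrapping transition forms.

    Non-IP hostnames return False here; a real guard must resolve them, check
    every returned address, and re-check after each redirect.
    """
    host = host.strip()
    if host.startswith("[") and host.endswith("]"):  # URL literal form [::1]
        host = host[1:-1]
    host = host.split("%", 1)[0]                      # drop zone id (fe80::1%eth0)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    if isinstance(ip, IPv6Address):
        embedded = extract_embedded_ipv4(ip)
        if embedded is not None:
            return _ipv4_is_internal(embedded)        # range-check the inner IPv4
        return (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_site_local or ip.is_multicast or ip.is_reserved
                or ip.is_unspecified)
    return _ipv4_is_internal(ip)


if __name__ == "__main__":
    # Constructed hosts: the advisory's bypass forms plus public controls.
    for h in ["::ffff:127.0.0.1", "64:ff9b::a9fe:a9fe", "2002:7f00:1::1",
              "::127.0.0.1", "::ffff:8.8.8.8", "64:ff9b::1.1.1.1"]:
        print(f"{h:22} internal={is_private_ip(h)}")
```

The unwrapping is explicit rather than delegated to IPv6Address.is_private because that property is exactly where the bypass lives: the NAT64 prefix 64:ff9b::/96 is not classed as private, and the treatment of ::ffff:0:0/96 has changed between Python versions, so a guard that trusts it either misses 64:ff9b::a9fe:a9fe or behaves differently depending on the interpreter.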

Published to PyPI with PEP 740 digital attestations via Trusted Publishing.

About flytohub/flyto-core

Deterministic execution engine for AI agents with 412 modules across 78 categories (browser, file, Docker, data, crypto, scheduling). Features execution trace, evidence snapshots, replay from any step, and supports both STDIO and Streamable HTTP transport.
