1. SSRF Defenses Bypassed via IPv6 Transition Prefixes, Multiple CVEs Linked to NAT64 Gaps
A defense-in-depth update has identified five IPv6 transition and reserved prefixes that can bypass traditional SSRF protections, including NAT64-wrapped routes to internal metadata services. The blocked ranges include 6to4, Teredo tunneling, NAT64 well-known and local-use prefixes, and a discard-only sinkhole prefix—e...
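A destination check covering the five prefix families named above, as an added example that is not code from the update described. The CIDR values come from the RFCs noted in the comments, and the function names are hypothetical.

```python
import ipaddress

# Prefix families named in the item; the CIDR values are taken from the RFCs
# (assumption: the page lists the prefixes by name only).
BLOCKED_PREFIXES = {
    "6to4 (RFC 3056)": ipaddress.ip_network("2002::/16"),
    "Teredo (RFC 4380)": ipaddress.ip_network("2001::/32"),
    "NAT64 well-known (RFC 6052)": ipaddress.ip_network("64:ff9b::/96"),
    "NAT64 local-use (RFC 8215)": ipaddress.ip_network("64:ff9b:1::/48"),
    "discard-only (RFC 6666)": ipaddress.ip_network("100::/64"),
}
NAT64_WKP = BLOCKED_PREFIXES["NAT64 well-known (RFC 6052)"]


def embedded_ipv4(addr):
    """Return the IPv4 address carried inside a transition address, or None."""
    if addr.sixtofour is not None:        # 2002:AABB:CCDD::/48 -> A.B.C.D
        return addr.sixtofour
    if addr.teredo is not None:           # (server, client); client is stored inverted
        return addr.teredo[1]
    if addr in NAT64_WKP:                 # IPv4 sits in the low 32 bits
        return ipaddress.IPv4Address(addr.packed[12:16])
    # Local-use NAT64: the embedding offset depends on the operator's prefix
    # length, so the range is blocked without decoding.
    return None


def check_destination(ip_text):
    """Return (allowed, reason) for an already-resolved destination IP."""
    addr = ipaddress.ip_address(ip_text)
    if addr.version == 6:
        for name, net in BLOCKED_PREFIXES.items():
            if addr in net:
                inner = embedded_ipv4(addr)
                detail = f" wrapping {inner}" if inner else ""
                return False, f"{name}{detail}"
    if not addr.is_global:
        return False, "non-global address"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample destinations, not taken from the page.
    for ip in ("64:ff9b::a9fe:a9fe", "2002:a9fe:a9fe::1", "100::1",
               "64:ff9b:1::1", "169.254.169.254", "2606:4700:4700::1111"):
        print(ip, check_destination(ip))
```

Run the check on the address the HTTP client will actually connect to, after DNS resolution, so a hostname cannot resolve to one of these ranges behind the filter.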