1. Server Action Exposes AWS and GCP Cloud Metadata via Unvalidated URL Fetch — Authentication Gate Fails to Block SSRF
A high-severity Server-Side Request Forgery vulnerability in the `fetchPageTitle` server action exposes cloud infrastructure to credential theft and internal network reconnaissance. The endpoint, located in `app/actions.ts` (lines 94–129), accepts arbitrary URLs from authenticated users and fetches them server-side wit...
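A destination check that a server action like `fetchPageTitle` could run before fetching is sketched below. It is an added example, not the code in `app/actions.ts`; `checkFetchTarget`, `Verdict` and the block lists are hypothetical names chosen for illustration.

```typescript
// Added example: hypothetical guard, not the code in app/actions.ts.
type Verdict = { allowed: boolean; reason: string };

// Non-public IPv4 ranges; 169.254.0.0/16 holds the AWS and GCP metadata address.
const BLOCKED_V4: [string, number][] = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];
const BLOCKED_NAMES = new Set(["localhost", "metadata.google.internal"]);

// Dotted-quad to unsigned 32-bit integer, or null if not an IPv4 literal.
function ipv4ToInt(host: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inBlockedRange(ip: number): boolean {
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (~0 << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === (((ipv4ToInt(base) as number) & mask) >>> 0);
  });
}

// Decide whether a user-supplied URL may be fetched server-side.
function checkFetchTarget(raw: string): Verdict {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:")
    return { allowed: false, reason: "scheme not allowed" };
  // The URL parser has already normalised hex/decimal IPv4 forms to dotted-quad.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (BLOCKED_NAMES.has(host)) return { allowed: false, reason: "internal hostname" };
  // Conservative choice for this sketch: refuse every IPv6 literal.
  if (host.startsWith("[")) return { allowed: false, reason: "IPv6 literal" };
  const ip = ipv4ToInt(host);
  if (ip !== null && inBlockedRange(ip))
    return { allowed: false, reason: "non-public IPv4 address" };
  return { allowed: true, reason: "passed literal checks" };
}
```

A hostname that passes these literal checks can still resolve to an internal address, so the fetch path also needs to validate the resolved IP and repeat the check on each redirect hop.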