Skip to main content

!!top!! — Webhook-url-http-3a-2f-2f169.254.169.254-2fmetadata-2fidentity-2foauth2-2ftoken

Never allow requests to the Link-Local address range ( 169.254.x.x ).

Run a sidecar proxy (e.g., Webhook Relay or Nginx ) that strictly filters outbound destinations. Never let your application logic resolve DNS or IPs directly. Never allow requests to the Link-Local address range ( 169

The metadata endpoint:

To address this, I returned to the workflow template and updated the External API configuration to use a JPath expression on the r... Cyber Advisors Cloud Takeover Never allow requests to the Link-Local address range ( 169

If the compromised instance has high-level permissions, the attacker can pivot to control your entire cloud infrastructure. Kyverno SSRF Vulnerability (CVE-2026-4789) | Orca Security Never allow requests to the Link-Local address range ( 169