CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

PKSA-35by-yxtt-jc85 CVE-2026-48736

Affected package: symfony/http-client

Affected version: >=5.4.0,<5.4.53

Reported by:
FriendsOfPHP/security-advisories