[MEDIUM] CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

PKSA-35by-yxtt-jc85 CVE-2026-48736 GHSA-38cx-cq6f-5755

Affected package: symfony/http-client

Affected version: >=5.4.0,<5.4.53

Reported by:
GitHub, FriendsOfPHP/security-advisories