AIKIDO-2026-10506

TL;DR

Affected versions of this package are vulnerable to server-side request forgery (SSRF) due to insufficient validation of user-controlled region parameters used to construct service endpoints. The affected logic incorporates externally supplied region values into outbound request targets without enforcing strict format or allowlist checks, allowing crafted input to redirect requests to unintended hosts or internal network locations. An attacker able to control the region parameter can cause the application to initiate unauthorized network requests, potentially exposing internal services or sensitive metadata endpoints.