Product
A vulnerability in Nebula-mesh allows non-admin operators with the 'user' role to bypass Server-Side Request Forgery (SSRF) protection by setting `allow_private: true` on webhook subscriptions, enabling the server to make requests to internal or loopback network addresses, which can lead to internal network probing, blind interaction with internal services, and potentially the exfiltration of cloud IAM credentials.