The security team discovered an SSRF vulnerability that allowed attackers to access internal services.