From cdb64a869aa99f4713edbe02bbfbc6de1d1f2d9b Mon Sep 17 00:00:00 2001
From: Teknium <127238744+teknium1@users.noreply.github.com>
Date: Mon, 30 Mar 2026 18:53:24 -0700
Subject: [PATCH] fix(security): reject private and loopback IPs in Telegram DoH fallback (#4129)

Co-authored-by: Maymun <139681654+maymuneth@users.noreply.github.com>
---
 gateway/platforms/telegram_network.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gateway/platforms/telegram_network.py b/gateway/platforms/telegram_network.py
index 93f1f0fb5..9f6d8bb46 100644
--- a/gateway/platforms/telegram_network.py
+++ b/gateway/platforms/telegram_network.py
@@ -135,6 +135,9 @@ def _normalize_fallback_ips(values: Iterable[str]) -> list[str]:
 if addr.version != 4:
 logger.warning("Ignoring non-IPv4 Telegram fallback IP: %s", raw)
 continue
+ if addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_unspecified:
+ logger.warning("Ignoring private/internal Telegram fallback IP: %s", raw)
+ continue
 normalized.append(str(addr))
 return normalized
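Review bot: The added guard in `_normalize_fallback_ips` still lets some non-public IPv4 ranges through. Python's `ipaddress` documents `is_private` as false for the shared address space 100.64.0.0/10 (carrier-grade NAT, often reused for overlay and cluster networks), and none of the four properties tested covers multicast. Assuming `addr` is an `ipaddress.IPv4Address` here, `if not addr.is_global or addr.is_multicast:` would reject those too and subsumes the current checks, since loopback, link-local and unspecified IPv4 addresses already fall under `is_private`. A small test that feeds the function one address from each rejected class would keep the filter from regressing. The function starts above the hunk, so where `values` comes from and whether callers handle an empty result cannot be confirmed from these lines.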