← LibraryTechnique entry
C-IMDS-V2-HOPLIMITCredential Access
IMDSv2 hop-limit Bypass
Even IMDSv2 leaks via SSRF when the instance's hop limit > 1 (default 1, but often raised for legacy CNI / containers).
§ Where this technique fits
C-IMDS-V2-HOPLIMIT is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.