The input string is URL-encoded. Decoding the hexadecimal sequences reveals the actual target:
If the compromised instance has high-level permissions, the attacker can pivot to control your entire cloud infrastructure. Kyverno SSRF Vulnerability (CVE-2026-4789) | Orca Security The input string is URL-encoded