diff --git a/src/media-understanding/attachments.ssrf.test.ts b/src/media-understanding/attachments.ssrf.test.ts
new file mode 100644
index 0000000000..03066fa637
--- /dev/null
+++ b/src/media-understanding/attachments.ssrf.test.ts
@@ -0,0 +1,24 @@
+import { afterEach, describe, expect, it, vi } from "vitest";
+import { MediaAttachmentCache } from "./attachments.js";
+
+const originalFetch = globalThis.fetch;
+
+describe("media understanding attachments SSRF", () => {
+ afterEach(() => {
+ globalThis.fetch = originalFetch;
+ vi.restoreAllMocks();
+ });
+
+ it("blocks private IP URLs before fetching", async () => {
+ const fetchSpy = vi.fn();
+ globalThis.fetch = fetchSpy as typeof fetch;
+
+ const cache = new MediaAttachmentCache([{ index: 0, url: "http://127.0.0.1/secret.jpg" }]);
+
+ await expect(
+ cache.getBuffer({ attachmentIndex: 0, maxBytes: 1024, timeoutMs: 1000 }),
+ ).rejects.toThrow(/private|internal|blocked/i);
+
+ expect(fetchSpy).not.toHaveBeenCalled();
+ });
+});
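Review bot: The only blocked input exercised is the literal `http://127.0.0.1/secret.jpg`, so the test does not pin the guard's handling of the other loopback and private forms an SSRF check must reject (`localhost`, `[::1]`, `0.0.0.0`, RFC 1918 ranges, link-local), and it has no positive counterpart, so an implementation that rejects every URL also passes. Parameterise the case with `it.each(["http://localhost/secret.jpg", "http://[::1]/secret.jpg", "http://10.0.0.1/secret.jpg"])("blocks %s before fetching", async (url) => {` and build the cache with `new MediaAttachmentCache([{ index: 0, url }])`, then add a sibling test with a public hostname and a mocked `Response` that asserts `fetchSpy` was called once. The `/private|internal|blocked/i` matcher is loose enough that any failure whose message happens to contain one of those words passes, so matching the specific error the guard throws (or its `name`) would be more precise. Whether the guard also re-checks the resolved address or redirect targets cannot be seen from this test and is presumably covered in attachments.ts.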