CVE-2026-43993 – JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access

CVE ID :CVE-2026-43993

Published : May 12, 2026, 5:16 p.m. | 41 minutes ago

Description :JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge’s computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-44167 – phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

CVE-2026-34644 – After Effects | Integer Overflow or Wraparound (CWE-190)

CVE-2026-34643 – After Effects | Out-of-bounds Write (CWE-787)

CVE-2026-34642 – After Effects | Heap-based Buffer Overflow (CWE-122)