CVE-2026-43993 – JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access

CVE ID :CVE-2026-43993

Published : May 12, 2026, 5:16 p.m. | 41 minutes ago

Description :JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge’s computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…