GHSA-5JH9-2H63-PW4Q CC-Tweaked has an SSRF Protection Bypass with NAT64

Summary CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can...

NodeVM network builtin exclusions bypass via internal _http_client and _http_server

Summary NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes underscored internal HTTP builtins such as httpclient and...

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

PT-2026-44979

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta1 Description An authenticated attacker can bypass the global isInternalAddress network protection to make arbitrary HTTP GET requests to internal network services. This occurs due to an incomplete fix in t...

CVE-2026-45492

Improper input validation in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-33117

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...

CVE-2026-33117

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...

PT-2026-40139

Name of the Vulnerable Software and Affected Versions Azure SDK for Java affected versions not specified Description Improper authentication in the Azure SDK for Java allows an unauthorized attacker to bypass a security feature over a network. Recommendations At the moment, there is no informatio...

PT-2026-40244

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`

Summary src/utils/urlSafety.ts exposes isPublicHttpUrl / assertPublicHttpUrl, used to gate the MCP fetchWebContent tool against private-network targets. The check has two defects that together allow non-blind SSRF with the response body returned to the caller: 1. Bracketed IPv6 literals are never...

Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

The fix for CVE-2026-31892 commit 534f4ff blocks podSpecPatch when templateReferencing: Strict is active, but doesn't restrict other WorkflowSpec fields that flow through the same merge path and get applied to pods. A user can set hostNetwork: true, override serviceAccountName, or change...

CVE-2026-32946

Harden-Runner (GitHub Actions security agent) contains a vulnerability in versions 2.15.1 and earlier that allows bypassing egress-policy: block network restrictions by using DNS queries over TCP. The underlying issue is that DNS over TCP is not adequately restricted when the allowed-endpoints li...

CVE-2026-32038 OpenClaw - Sandbox Network Isolation Bypass via docker.network=container Parameter

OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...

CVE-2026-32038

OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...

EUVD-2026-10627

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network...

EUVD-2026-10599

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

EUVD-2026-10598

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-23674

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-23674

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

Windows Kerberos Security Feature Bypass Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network...