Lucene search
K

224 matches found

CVE
CVE
added 2026/04/17 4:2 p.m.32 views

CVE-2026-40516

Technical details about CVE-2026-40516 are not publicly available in the provided Connected documents; the description exists but without explicit vendor/product/versions in this set. Monitor for updates.

8.3CVSS5.8AI score0.0018EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/17 4:2 p.m.36 views

CVE-2026-40516 OpenHarness SSRF via web_fetch and web_search

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the webfetch and websearch tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an...

8.3CVSS0.0018EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

OpenHarness 安全漏洞

OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU, open-source in nature. OpenHarness has a security vulnerability, which stems from the lack of target address validation in the webFetch and webSearch tools. This vulnerability may lead to server-side...

8.3CVSS5.8AI score0.0018EPSS
Exploits1References1
OSV
OSV
added 2026/04/10 6:31 a.m.3 views

GHSA-52VJ-FVRV-7Q82 OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...

6.3CVSS5.2AI score0.0042EPSS
Exploits1References8
EUVD
EUVD
added 2026/04/10 6:31 a.m.8 views

EUVD-2026-21306

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...

6.3CVSS5.5AI score0.0042EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/04/10 6:31 a.m.9 views

OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...

8.1CVSS5.2AI score0.0042EPSS
Exploits1References9Affected Software1
Snyk
Snyk
added 2026/04/10 6:10 a.m.4 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the assertPublicHostname function in web-fetch.ts. An attacker can access internal resources or perform unauthorized network requests by sending craft...

8.1CVSS5.8AI score0.0042EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 3:45 a.m.3 views

CVE-2026-6011

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...

6.3CVSS5.5AI score0.0042EPSS
Exploits1References7
CVE
CVE
added 2026/04/10 3:45 a.m.20 views

CVE-2026-6011

OpenClaw (up to version 2026.1.26) contains a vulnerability in the file src/agents/tools/web-fetch.ts (assertPublicHostname handler) that enables server-side request forgery when a crafted request manipulates internal hostname handling. Exploitation is network-based with high complexity as descri...

8.1CVSS5.5AI score0.0042EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/04/10 3:45 a.m.29 views

CVE-2026-6011 OpenClaw assertPublicHostname web-fetch.ts server-side request forgery

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...

6.3CVSS0.0042EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/04/10 3:45 a.m.4 views

CVE-2026-6011 OpenClaw assertPublicHostname web-fetch.ts server-side request forgery

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...

6.3CVSS5.5AI score0.0042EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.19 views

PT-2026-31871

Name of the Vulnerable Software and Affected Versions OpenClaw versions through 2026.1.26 Description A weakness exists in OpenClaw up to version 2026.1.26, specifically within the assertPublicHostname Handler functionality of the file src/agents/tools/web-fetch.ts. A manipulation can lead to...

8.1CVSS5.5AI score0.0042EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.1.26 have code vulnerabilities. These vulnerabilities stem from incorrect operations on the src/agents/tools/web-fetch.ts file, which may lead to server-side request forgery attac...

8.1CVSS6.3AI score0.0042EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/04/03 8:27 p.m.4 views

CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

7.7CVSS5.9AI score0.00301EPSS
Exploits1References3
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.245 views

HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/upexec/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf...

6AI score
Exploits0
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.236 views

HTTPS Fetch, Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/upexec/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...

6AI score
Exploits0
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.286 views

HTTPS Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/https/x86/vncinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallport...

6AI score
Exploits0
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.245 views

HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/vncinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show an...

6AI score
Exploits0
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.289 views

HTTPS Fetch, Windows Reverse HTTP Stager (winhttp)

Fetch and execute an x86 payload from an HTTPS server. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/https/x86/vncinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...

6AI score
Exploits0
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.229 views

HTTPS Fetch, Windows Command Shell, Windows x86 Bind Named Pipe Stager

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/shell/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf...

6AI score
Exploits0
Rows per page
Query Builder