CVE-2026-41360

OpenClaw

Server-side Request Forgery (SSRF)

Overview @astrojs/cloudflare is a Deploy your site to Cloudflare Workers/Pages Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in image-binding-transform endpoint. An attacker can cause the server to make unauthorized requests to arbitra...

Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)

Summary The fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts line 28 uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed domain allowlist chec...

GHSA-88GM-J2WX-58H6 Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)

Summary The fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts line 28 uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed domain allowlist chec...

ksmbd: do not expire session on binding failure

...

SUSE CVE-2026-31476

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets sess-state = SMB2SESSIONEXPIRED. However, during binding, sess points to t...

SUSE CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

PT-2026-34823

Summary The fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts line 28 uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed domain allowlist chec...

NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access

Summary The --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address all interfaces, regardless of what the user configures. On a LAN,...

GHSA-2HP7-65R3-WV54 NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access

Summary The --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address all interfaces, regardless of what the user configures. On a LAN,...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization due to improper network binding in the ListenAndServe function. An attacker can gain unauthorized remote access and execute arbitrary database queries by connecting to the exposed Bolt server interface over the...

CVE-2026-31503

A flaw was found in the Linux kernel's User Datagram Protocol UDP implementation. When a significant number of UDP sockets are bound to specific local addresses on the same port, the kernel's conflict detection mechanism can fail. This allows a local attacker to bind to a wildcard address on a po...

CVE-2026-31476

A flaw was found in ksmbd in the Linux kernel. A remote attacker can exploit this vulnerability by sending a multichannel session binding request with an incorrect password. This improper handling of failed binding requests can cause an active session to expire, leading to a Denial of Service DoS...

EUVD-2026-24951

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

EUVD-2026-24880

In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udpsock to a local address and port, UDP uses two hashes udptable-hash and udptable-hash2 for collision detection. The current code switches to "hash2" when...

EUVD-2026-24831

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets sess-state = SMB2SESSIONEXPIRED. However, during binding, sess points to t...

DEBIAN-CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CVE-2026-31476

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets sess-state = SMB2SESSIONEXPIRED. However, during binding, sess points to t...

CVE-2026-33599

A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...

UBUNTU-CVE-2026-33599

A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...