40 matches found
CVE-2026-49138
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...
EUVD-2026-33757
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...
CVE-2026-49138 Nanobot < 0.2.1 SSRF via web_fetch Tool Redirect Following
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...
CVE-2026-45310 CodeWhale: SSRF via HTTP Redirect Bypass in fetch_url Tool
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...
GHSA-HV85-774V-26FG auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs
SSRF + disk-exfil in downloadmedia and authfetch tools — ymw0407/auth-fetch-mcp Severity The downloadmedia and authfetch MCP tools accept arbitrary URLs and reach them as the MCP server process, with downloadmedia additionally persisting the fetched response body to a user-controlled output...
GHSA-96FF-GC8G-WPVG DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool
Summary The fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks. However, the HTTP client reqwest is configured to automatically follo...
EUVD-2026-23452
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the webfetch and websearch tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an...
CVE-2026-40516
Technical details about CVE-2026-40516 are not publicly available in the provided Connected documents; the description exists but without explicit vendor/product/versions in this set. Monitor for updates.
GHSA-52VJ-FVRV-7Q82 OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...
EUVD-2026-21306
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...
CVE-2026-6011
OpenClaw (up to version 2026.1.26) contains a vulnerability in the file src/agents/tools/web-fetch.ts (assertPublicHostname handler) that enables server-side request forgery when a crafted request manipulates internal hostname handling. Exploitation is network-based with high complexity as descri...
PT-2026-31871
Name of the Vulnerable Software and Affected Versions OpenClaw versions through 2026.1.26 Description A weakness exists in OpenClaw up to version 2026.1.26, specifically within the assertPublicHostname Handler functionality of the file src/agents/tools/web-fetch.ts. A manipulation can lead to...
OpenClaw 代码问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.1.26 have code vulnerabilities. These vulnerabilities stem from incorrect operations on the src/agents/tools/web-fetch.ts file, which may lead to server-side request forgery attac...
HTTPS Fetch, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/meterpreter/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns show options ...show...
SUSE CVE-2026-30858
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including privat...
GO-2026-4643 WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources in github.com/Tencent/WeKnora
WeKnora has DNS Rebinding Vulnerability in webfetch Tool that Allows SSRF to Internal Resources in github.com/Tencent/WeKnora...
CVE-2026-30858
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including privat...
CVE-2026-30858
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including privat...
CVE-2026-30858 WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including privat...
GHSA-H6GW-8F77-MMMP WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
Summary A DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses e.g., 127.0.0.1, 192.168.x.x. By crafting a malicious domain that resolves to a public IP during...