9 matches found
GHSA-QXGF-HMCJ-3XW3 OpenClaw affected by SSRF via unguarded image download in fal provider
Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...
CVE-2026-34504 OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...
CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...
CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...
CVE-2026-33484
Langflow exposes an unauthenticated IDOR on image downloads via /api/v1/files/images/{flow_id}/{file_name} in versions 1.0.0–1.8.1. An attacker who can discover or guess a flow_id can download any user’s uploaded images without credentials in multi-tenant deployments. A patch is available in vers...
langflow has Unauthenticated IDOR on Image Downloads
Summary The /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns the image with HTTP 200. Details src/backend/base/langflow/api/v1/files.py:138-164 — downloadimage takes...
GHSA-4VCX-3PJ3-44M7 Dosage vulnerable to a Directory Traversal through crafted HTTP responses
Impact When downloadinging comic images, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type heade...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the machine init process. An attacker can intercept or manipulate data in transit by performing a man-in-the-middle attack during the download of VM images from an OCI registry. Workaround This...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the machine init process. An attacker can intercept or manipulate data in transit by performing a man-in-the-middle attack during the download of VM images from an OCI registry. Workaround This...