4 matches found
CVE-2026-41372
Technical details such as affected products, versions, root cause, and remediation are not publicly available in the provided documents. Monitor for updates from NVD, CVE lists, and vendor advisories.
OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Summary Before OpenClaw 2026.4.2, remote CDP discovery could return a trailing-dot localhost host such as localhost. and bypass OpenClaw's loopback-host normalization. That let a non-loopback remote CDP profile pivot the follow-up connection back onto localhost. Impact A hostile discovery respons...
EUVD-2026-8620
Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "::1" and "::", but IPv4-mapped IPv6 is not...
Debian DLA-2522-1 : coturn security update
A flaw was discovered in coturn, a TURN and STUN server for VoIP. By default coturn does not allow peers on the loopback addresses 127.x.x.x and ::1. A remote attacker can bypass the protection via a specially crafted request using a peer address of '0.0.0.0' and trick coturn in relaying to the...