891 matches found

NVD
added 2 days ago, 4 views

CVE-2026-56663

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

8.5 CVSS | 0.00224 EPSS
Exploits: 0 | References: 1

EUVD
added 2 days ago, 6 views

EUVD-2026-39798

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

8.5 CVSS | 5.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2 days ago, 6 views

CVE-2026-56663

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

8.5 CVSS | 5.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 3 days ago, 25 views

CVE-2026-53250 xsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata()

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata(). The TX metadata area resides in the UMEM buffer, which is memory-mapped and concurrently writable by userspace. In xsk_skb_metadata(), csum_start and csum_offset are read...

7.8 CVSS | 0.00184 EPSS
Exploits: 0 | References: 3

CVE
added 4 days ago, 5 views

CVE-2026-47389

Mastodon vulnerability CVE-2026-47389 affects older Ruby runtimes (

8.6 CVSS | 5.9 AI score | 0.00232 EPSS
Exploits: 0 | References: 1

Cvelist
added 4 days ago, 13 views

CVE-2026-47389 Mastodon: SSRF protection bypass on older Ruby versions

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.private_address? returns false for IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) corresponding to some private IPv4 addresses,...

8.6 CVSS | 0.00232 EPSS
Exploits: 0 | References: 1

EUVD
added 6 days ago, 5 views

EUVD-2026-38366

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

9.2 CVSS | 6 AI score | 0.00291 EPSS
Exploits: 0 | References: 3

CVE
added 6 days ago, 9 views

CVE-2026-56266

CVE-2026-56266 affects Crawl4AI prior to 0.8.7. The vulnerability is a server-side request forgery in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user‑supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6‑mappe...

9.2 CVSS | 6 AI score | 0.00291 EPSS
Exploits: 0 | References: 3

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf/core: The handling of buffer mapping fails correctly in perf_mmap(). After a buffer is successfully allocated or attached to an existing buffer, perf_mmap() attempts to map the buffer into the page table in read-only mode. If this...

5.5 CVSS | 5.8 AI score | 0.00143 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: RISC-V: Ensure that port I/O string accessors actually work properly. Fixed port I/O string accessors such as insb, outsb, etc., which use the physical PCI port I/O address instead of the corresponding memory mapping to acce...

6 AI score | 0.00173 EPSS
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fixed a data leak in the mmio_read() function. The mmio_read() function calls a TDVMCALL to retrieve MMIO data for a given address from the VMM. Sean noticed that mmio_read() inadvertently exposes the value of an initialized...

3.3 CVSS | 5.9 AI score | 0.00199 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: added a missing condition check for the existence of the mapped data. The function nvme_map_data() is called when the request contains physical segments; therefore, the function nvme_unmap_data() should also have the same...

5.5 CVSS | 6.3 AI score | 0.00237 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fixed the issue where immediate work requests were flushed to the completion queue. The opcode of the send queue element was correctly set during the flushing of immediate work requests in the post-sendqueue operation...

5.9 AI score | 0.00206 EPSS
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Open-coded GGTT MMIO access protection. GGTT MMIO access is currently protected by hotplug drm_dev_enter(), which works correctly when the driver loads successfully and is later unbound or unloaded. However, if the driver loa...

7.8 CVSS | 4.6 AI score | 0.00129 EPSS
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in netcdf

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling during the parsing of crafted XML files, writing outside of a memory region created by mmap...

6.5 CVSS | 6.3 AI score | 0.01193 EPSS
Exploits: 1 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Ring-Buffer: Do not trigger WARN_ON() due to a commit_overrun. When reading a memory-mapped buffer, the reader page is simply swapped out with the last page written to the write buffer. If the reader page is the same as the commit...

7.8 CVSS | 5.9 AI score | 0.00172 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fixed the “in-kernel MMIO” check. TDX only supports MMIO operations initiated by the kernel. The handle_mmio() function checks whether the VE exception occurred in the kernel and rejects the operation if it did. However, the...

7.8 CVSS | 6.3 AI score | 0.00247 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fixed the flush_tlb_range() function when it is used to zap normal PMD entries PMD entries that point to page tables, along with the PTE entries in the pointed-to page table. In the arm64 version of flush_tlb_range(), there is a...

5.5 CVSS | 6.1 AI score | 0.00176 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Handle wraparound when searching for blocks for indirectly mapped blocks The commit 4865c768b563 states that “ext4: Always allocate blocks only from groups that inode can use” restricts the blocks that will be allocated for...

9.8 CVSS | 5.8 AI score | 0.00403 EPSS
Exploits: 0 | References: 1

Github Security Blog
added 2026/06/16 9:0 p.m., 10 views

Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...

7.5 CVSS | 5.5 AI score | 0.00267 EPSS
Exploits: 0 | References: 2 | Affected Software: 1