CVE-2026-43929 ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...

fast-uri vulnerable to path traversal via percent-encoded dot segments

Impact fast-uri v3.1.0 and earlier decodes percent-encoded path separators %2F and dot segments %2E before applying dot-segment removal in normalize and equal. This makes encoded path data behave like real / and .., so distinct URIs collapse onto the same normalized path. For example,...

CVE-2026-43532 OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

CVE-2026-43532

OpenClaw 2026.4.7

EUVD-2026-27275

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the gettemplate function. An attacker can access arbitrary files readable by the process by supplying a specially crafted URI with a double-slash prefix, which bypasses path normalization checks. Note: This is...

BIT-MASTODON-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

CVE-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

CVE-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

CVE-2026-3125 SSRF vulnerability in opennextjs-cloudflare via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler.The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

CVE-2026-3125

CVE-2026-3125 affects the @opennextjs/cloudflare package and its /cdn-cgi/image/ handler. A path normalization bypass (using a backslash in the path, e.g., /cdn-cgi\image/…) can bypass Cloudflare edge interception, allowing requests to reach the Worker and trigger an unvalidated fetch of arbitrar...

CVE-2026-3125 SSRF vulnerability in opennextjs-cloudflare via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler.The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

PT-2026-23032

Name of the Vulnerable Software and Affected Versions @opennextjs/cloudflare affected versions not specified Description A Server-Side Request Forgery SSRF issue exists in the @opennextjs/cloudflare package. This is due to a path normalization bypass in the /cdn-cgi/image/ handler. Specifically,...

OpenNext for Cloudflare 安全漏洞

OpenNext for Cloudflare is an OpenNext open-source adapter that allows deploying Next.js applications on Cloudflare. There is a security vulnerability in OpenNext for Cloudflare, which stems from path normalization bypasses. This vulnerability may lead to server-side request forgeing and private...

Interpretation Conflict

Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Interpretation Conflict via the middleware matching engine when router options like ignoreDuplicateSlashes, useSemicolonDelimiter, or other trailing-slash normalization are enabled. An...

GO-2025-4206 Path Normalization Bypass in Traefik Router + Middleware Rules in github.com/traefik/traefik

Path Normalization Bypass in Traefik Router + Middleware Rules in github.com/traefik/traefik...

SUSE CVE-2025-66490

Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters /, , Null,...

CVE-2025-66490

CVE-2025-66490 affects Traefik, where versions prior to 2.11.32 and 2.11.31–3.6.2 could bypass path normalization when using PathPrefix, Path, or PathRegex matchers. Under path-based routing, requests containing URL-encoded restricted characters (/, , Null, ;, ?, #) may bypass the middleware chai...

CVE-2025-66490 Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules

Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters /, , Null,...