Ylchen-007

**Name of the Vulnerable Software and Affected Versions** LibreChat versions prior to 0.8.4-rc1 **Description** LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The Model Context Protocol (MCP) server integration improperly resolves `${VAR}` placeholders against the server's `process.env` during Zod schema validation of user-supplied MCP server URLs. An authenticated user can create a malicious MCP server configuration with a URL pointing to an attacker-controlled domain containing environment variable references. This causes the LibreChat server to connect to the attacker's server and transmit critical secrets in the request URL, such as `CREDS KEY`, `CREDS IV`, `JWT SECRET`, and `MONGO URI`. This flaw allows for the full compromise of the installation's cryptographic materials and database credentials without requiring administrative privileges. Over 14,800 results were identified via FOFA queries in the past year. **Recommendations** Upgrade to version 0.8.4-rc1 or later.

**Name of the Vulnerable Software and Affected Versions** DeepChat versions prior to 1.0.4-beta.1 **Description** An incomplete mitigation for a previous issue allows for an arbitrary protocol execution bypass, which can lead to remote code execution (RCE). While restrictions were applied to the `api.openExternal()` function within the renderer's preload/index.ts script, native Electron pop-up window handlers were not sanitized. An attacker or a compromised AI endpoint can provide a Markdown link that triggers a `target=" blank"` native window interception in `tabPresenter.ts`. This process forwards the malicious URL directly to `shell.openExternal(url)`, bypassing the `isValidExternalUrl` security boundary. **Recommendations** Update to version 1.0.4-beta.1.

**Name of the Vulnerable Software and Affected Versions** Angular versions prior to 19.2.21 Angular versions prior to 20.3.19 Angular versions prior to 21.2.9 Angular versions prior to 22.0.0-next.8 **Description** A Server-Side Request Forgery (SSRF) issue exists in `@angular/platform-server` due to improper URL handling during Server-Side Rendering (SSR). When a request containing a backslash (e.g., `GET /evil.com/`) is processed, the URL parser normalizes the backslash to a forward slash for HTTP/HTTPS schemes. This causes the application to misinterpret the attacker's domain as the local origin. As a result, relative `HttpClient` requests or `PlatformLocation.hostname` references are redirected to the attacker-controlled server, which may expose internal APIs or metadata services. This affects the `renderModule()`, `renderApplication()`, and `CommonEngine` functions. **Recommendations** Update to version 19.2.21. Update to version 20.3.19. Update to version 21.2.9. Update to version 22.0.0-next.8. Implement middleware to sanitize the request URL by stripping or normalizing leading slashes to ensure the URL starts with a single forward slash before it reaches Angular.

**Name of the Vulnerable Software and Affected Versions** nanobot versions prior to 0.1.5 **Description** A Cross-Site WebSocket Hijacking (CSWSH) issue exists in the bridge's WebSocket server within `bridge/src/server.ts`. The server does not validate the Origin header during the WebSocket handshake, and token authentication via the `BRIDGE TOKEN` parameter is disabled by default. Since browsers do not enforce the Same-Origin Policy on WebSockets unless the server explicitly denies cross-origin connections, any website visited by a user can establish a connection to the endpoint 'ws://127.0.0.1:3001/'. This allows an attacker to gain full access to the bridge API, hijack the WhatsApp session, read incoming messages, steal authentication QR codes, and send messages on behalf of the user. **Recommendations** Update to version 0.1.5.

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description OpenClaw versions prior to 2026.3.25 contain a server-side request forgery vulnerability in multiple channel extensions. The issue arises from a failure to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected `fetch()` calls against configured endpoints to redirect requests to blocked internal destinations and access restricted resources. This allows attackers to use the agent as a pivot point to access internal resources. Recommendations Update to version 2026.3.25 or later.

**Name of the Vulnerable Software and Affected Versions** AnythingLLM versions prior to 1.10.0 **Description** AnythingLLM is an application that turns content into context for Large Language Models (LLMs). A critical Path Traversal issue exists in the DrupalWiki integration for versions prior to 1.10.0. This allows a malicious administrator, or an attacker who can manipulate an administrator into configuring a malicious DrupalWiki URL, to write arbitrary files to the server. This could lead to Remote Code Execution (RCE) through overwriting configuration files or writing executable scripts. The API endpoint involved is not explicitly mentioned. The vulnerable parameter is the DrupalWiki URL configured by the administrator, `drupal wiki url`. **Recommendations** Versions prior to 1.10.0 should be updated to version 1.10.0 or later.

**Name of the Vulnerable Software and Affected Versions** xmall version 1.1 **Description** Multiple Cross-Site Scripting (XSS) issues are present due to improper handling of user-supplied data. User input fields, including `username` and `description`, are directly rendered into HTML without appropriate sanitization or encoding. This allows attackers to inject and execute malicious scripts. **Recommendations** Update to a newer version that contains a fix for this vulnerability.