PT-2026-40105 · Dragonmonk111 · Junoclaw

Published

2026-05-12

Updated

2026-05-12

CVE-2026-43993

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-43993

Affected Products

Junoclaw

PT-2026-40105 · Dragonmonk111 · Junoclaw

CVE-2026-43993

Weakness Enumeration

Related Identifiers

Affected Products

References · 4