CVE-2026-43993 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: May 12, 2026
JunoClaw - Server Side Request Forgery
Overview
JunoClaw < 0.x.y-security-1 contains a server-side request forgery (SSRF) vulnerability caused by unvalidated fetch() calls on agent-supplied URLs in the WAVS bridge's computeDataVerify, which lets attackers make arbitrary requests. Exploitation requires attacker control of agent-supplied URLs.
Severity & Score
Impact
Attackers can make arbitrary requests from the server, potentially accessing internal resources or sensitive data.
Mitigation
Update to version 0.x.y-security-1 or later.
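For code that cannot be upgraded immediately, the three checks the advisory says were missing (scheme, port, resolved IP) can be applied before any fetch() on an agent-supplied URL. The following is an added example, not JunoClaw's patch or code from the project; the function names and the policy (https only, default port only, public IPv4 only) are assumptions.

```javascript
// Added example: a hypothetical guard, not JunoClaw's actual patch.
// Assumed policy: https only, default port only, public IPv4 only.
const BLOCKED_V4 = [ // [network, prefix length]
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
];

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if not IPv4.
function ipv4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True for loopback, private, link-local (cloud metadata), CGNAT, multicast
// and reserved ranges. Anything that is not IPv4 is blocked (fail closed).
function isBlockedAddress(ip) {
  const v4 = ipv4ToInt(ip);
  if (v4 === null) return true;
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((v4 & mask) >>> 0) === ipv4ToInt(net);
  });
}

// Scheme and port checks on the parsed URL, before any DNS lookup.
function checkUrlSyntax(raw) {
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: 'unparsable' }; }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  if (url.port !== '') return { ok: false, reason: 'port' }; // URL normalises :443 to ''
  if (url.username || url.password) return { ok: false, reason: 'credentials' };
  return { ok: true, url };
}

// Resolve the host and reject if ANY returned address is blocked.
// `lookup` is injectable for testing; it defaults to Node's dns.promises.lookup.
async function validateAgentUrl(raw, lookup) {
  const check = checkUrlSyntax(raw);
  if (!check.ok) return check;
  if (!lookup) lookup = (await import('node:dns/promises')).lookup;
  const addrs = await lookup(check.url.hostname, { all: true }).catch(() => []);
  if (addrs.length === 0 || addrs.some((a) => isBlockedAddress(a.address))) {
    return { ok: false, reason: 'address' };
  }
  return { ok: true, url: check.url, address: addrs[0].address };
}
```

Validation alone does not cover DNS rebinding or redirects: the caller should connect to the returned address rather than re-resolving the hostname, and call fetch() with redirect: 'manual' so every hop goes through the same checks.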
References
Social Media Activity (2 posts)
CVE-2026-43993 - High (8.2) JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. Thi... https://www.thehackerwire.com/vulnerability/CVE-2026-43993/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID: CVE-2026-43993
- Severity: High
- CVSS Score: 8.2
- Type: server_side_request_forgery
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-918
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L