CVE-2026-43993 · HIGH 8.2 · EPSS p13.6%

Description

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L
EPSS: 0.23% probability of exploitation · percentile 13.6% · 2026-06-18T12:00:27Z
Published: 2026-05-12
Last modified: 2026-05-13

Underlying weaknesses · 1

CWE-918

References

  1. https://github.com/Dragonmonk111/junoclaw/commit/a168608
  2. https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1
  3. https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-q545-mvjf-q9pg

Type | Target | Confidence | Tier
Weakness | Server-Side Request Forgery (SSRF), cwe-918 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-43989
CVE: CVE-2026-43991
CVE: CVE-2026-43992
CVE: CVE-2026-43990
CVE: CVE-2026-44335
CVE: CVE-2025-28197

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.