SSRF Vulnerability in JunoClaw AI Platform by Juno Network
CVE-2026-43993

8.2 HIGH

Key Information:

Status
Vendor
CVE Published: 12 May 2026

What is CVE-2026-43993?

JunoClaw, an agentic AI platform developed by Juno Network, has a flaw in its WAVS bridge: the computeDataVerify function calls fetch() on URLs supplied by agents without validating the scheme, port, or resolved IP. This results in a Server-Side Request Forgery (SSRF) vulnerability that attackers could exploit. Users are urged to update to version 0.x.y-security-1 or later, which addresses this issue. For further details, refer to the security advisory and release notes provided by Juno Network.
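
The three checks the description says were missing (scheme, port, resolved IP) can be sketched as a pre-fetch gate. This is an added example, not JunoClaw's code or its patch; `checkFetchTarget`, the HTTPS-only and port-443 policy, and the blocked ranges are assumptions chosen for illustration, and the caller is assumed to have resolved the host's DNS records first.

```javascript
// Added example, not JunoClaw code. Allowed scheme and port are assumptions.
const ALLOWED_SCHEMES = new Set(["https:"]);
const ALLOWED_PORTS = new Set([443]);

// Non-public IPv4 ranges as [network, prefix length].
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16], ["224.0.0.0", 3],
];

// Dotted-quad IPv4 to unsigned 32-bit integer, or null if not IPv4.
function ipv4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function isPublicAddress(ip) {
  const v4 = ipv4ToInt(ip);
  if (v4 === null) {
    // IPv6: fail closed, accept only global unicast 2000::/3 as the resolver prints it.
    return /^[23][0-9a-f]{3}:/i.test(ip);
  }
  return !BLOCKED_V4.some(([net, bits]) => {
    const mask = (~0 << (32 - bits)) >>> 0;
    return ((v4 & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0);
  });
}

// resolvedAddrs: every address DNS returned for the URL's host (or the literal IP).
function checkFetchTarget(rawUrl, resolvedAddrs) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return { ok: false, reason: "scheme" };
  const port = url.port === "" ? 443 : Number(url.port);
  if (!ALLOWED_PORTS.has(port)) return { ok: false, reason: "port" };
  if (resolvedAddrs.length === 0) return { ok: false, reason: "no address" };
  const bad = resolvedAddrs.find((a) => !isPublicAddress(a));
  if (bad !== undefined) return { ok: false, reason: "resolved IP " + bad };
  // Connect to this vetted address so a second DNS lookup cannot change the target.
  return { ok: true, connectTo: resolvedAddrs[0] };
}
```

fetch() follows redirects by default, so a gate like this only holds if redirects are disabled or each hop is passed through the same check.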

Affected Version(s)

junoclaw < v0.x.y-security-1

References

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
