Skip to main content

JunoClaw EUVDEUVD-2026-29542

| CVE-2026-43993 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-12 GitHub_M
8.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

3
Source Code Evidence Fetched
May 12, 2026 - 17:17 vuln.today
Analysis Generated
May 12, 2026 - 17:17 vuln.today
CVE Published
May 12, 2026 - 16:29 nvd
HIGH 8.2

DescriptionGitHub Advisory

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1.

AnalysisAI

Server-Side Request Forgery in JunoClaw's WAVS bridge allows remote attackers to exploit the computeDataVerify function, which fetched agent-supplied URLs without validating scheme, port, or resolved IP addresses. Attackers can trick the bridge into accessing internal cloud metadata services (AWS, GCP), RFC 1918 private networks, databases, and admin APIs running on non-standard ports. Exploitation requires user interaction (UI:R) but no authentication (PR:N), with cross-scope impact (S:C) allowing high confidentiality breach and low availability impact. Fixed in version 0.x.y-security-1 via commit a168608, which implements a comprehensive SSRF guard with scheme/port allowlists, DNS private-IP blocking for both IPv4 and IPv6 ranges, request timeouts, and body size caps. No CISA KEV listing or public exploit code identified at time of analysis.

Technical ContextAI

JunoClaw is an agentic AI platform built on Juno Network (Cosmos SDK blockchain). The vulnerable computeDataVerify function in the WAVS bridge component performs on-chain event verification by fetching arbitrary URLs submitted by AI agents to validate external data sources. The bridge runs with operator credentials and network access, making it a high-value SSRF target. CWE-918 (Server-Side Request Forgery) occurs when applications fetch remote resources based on user-controlled input without validating the destination. The commit diff shows the vulnerability existed in bridge/src/local-compute.ts where fetch(url) was called directly on agent-supplied URLs. The fix introduces safeFetch() from utils/ssrf-guard.ts, which performs multi-layered validation: scheme allowlist (http/https only, blocking file://, ftp://, gopher://), port allowlist (80/443 by default, blocking database ports 6379/5432, Cosmos RPC 26657, SSH 22), DNS resolution followed by private IP blocking against IPv4 ranges (10/8, 172.16/12, 192.168/16, 127/8, 169.254/16, 100.64/10, multicast, TEST-NET) and IPv6 ranges (::1, fc00::/7, fe80::/10, ff00::/8, plus IPv4-mapped forms), 5-second timeout via AbortController, and 1 MiB body cap with mid-stream abort. The fix also applies defense-in-depth to the computeDrandRandomness function fetching drand.love public randomness API, preventing DNS hijacks from routing requests to private IPs. CPE cpe:2.3:a:dragonmonk111:junoclaw:*:*:*:*:*:*:*:* indicates all versions prior to 0.x.y-security-1 are affected.

RemediationAI

Upgrade to JunoClaw version 0.x.y-security-1 or later from https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1, which includes commit a168608 implementing the SSRF guard. The patch replaces direct fetch() calls with safeFetch() from bridge/src/utils/ssrf-guard.ts, enforcing scheme allowlist (http/https only), port allowlist (80/443 by default), DNS-based private IP blocking for all IPv4 and IPv6 reserved ranges, 5-second request timeout, and 1 MiB response body cap. Operators can customize defenses via environment variables: JUNOCLAW_SSRF_ALLOWED_SCHEMES (default http,https), JUNOCLAW_SSRF_ALLOWED_PORTS (default 80,443), JUNOCLAW_SSRF_TIMEOUT_MS (default 5000), JUNOCLAW_SSRF_MAX_BYTES (default 1048576). Run npm run ssrf-guard-test from the bridge/ directory to verify the patch with regression tests covering AWS/GCP metadata endpoints, RFC 1918 ranges, IPv6 literals, and DNS rebinding scenarios. If upgrading is not immediately feasible, implement network-level controls: deploy the bridge in a restrictive security group or firewall that blocks outbound access to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16, cloud metadata endpoints 169.254.169.254 and metadata.google.internal), database ports (6379, 5432), blockchain RPC ports (26657), and non-HTTP(S) protocols, though this approach cannot prevent application-layer bypasses and adds operational complexity. Advisory available at https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-q545-mvjf-q9pg.

Share

EUVD-2026-29542 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy