{"data":{"id":"6025c309-2d54-4630-a0d3-be119d171060","title":"CVE-2026-43993: JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify","summary":"JunoClaw, an AI platform built on Juno Network, had a security flaw in its WAVS bridge where the computeDataVerify function would fetch data from URLs supplied by AI agents without properly checking if those URLs were safe (SSRF, or server-side request forgery, meaning an attacker could trick the system into making requests to internal or unintended servers). This vulnerability allowed attackers to potentially access restricted resources by manipulating which URLs the system would contact.","solution":"This vulnerability is fixed in version 0.x.y-security-1. Users should upgrade to this patched version.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-43993","publishedAt":"2026-05-12T17:16:21.380Z","cveId":"CVE-2026-43993","cweIds":["CWE-918"],"cvssScore":"8.2","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["JunoClaw","Juno Network"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T17:16:21.380Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}