CVE-2026-43993: JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify
Summary
JunoClaw, an AI platform built on Juno Network, had a server-side request forgery (SSRF) flaw in its WAVS bridge: the computeDataVerify function fetched data from URLs supplied by AI agents without properly checking whether those URLs were safe. SSRF means an attacker can trick the system into making requests to internal or unintended servers. By manipulating which URLs the system contacted, an attacker could potentially access restricted resources.
Solution / Mitigation
This vulnerability is fixed in version 0.x.y-security-1. Users should upgrade to this patched version.
Vulnerability Details
CVSS score: 8.2 (high)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L
Attack vector: network
Attack complexity: low
Privileges required: none
User interaction: required
May 12, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-43993
First tracked: May 12, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 75%