PraisonAI has an SSRF bypass

praisonaiagents

LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

CVSS 6.5 langchain-text-splitters
CVE MEDIUM CVE-2026-35673

OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes

CVSS 6.5 openclaw
CVE MEDIUM CVE-2026-46526

local-deep-research has an SSRF bypass in `safe

CVSS 5.0 local-deep-research

Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

CVSS 7.7 @budibase/server

Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate

CVSS 8.5 open-webui
CVE MEDIUM CVE-2026-45347

Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function

CVSS 4.3 open-webui

OpenClaw validates Zalo outbound photo URLs through the SSRF guard

OpenClaw: Browser tabs action select and close routes bypassed SSRF policy

OpenClaw: Browser SSRF policy default allowed private-network navigation

OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes

langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

CVSS 3.1 langchain-openai

OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery

CVE CRITICAL CVE-2026-25960

vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 added in 0.15.1 can be bypassed in the load_from

CVSS 9.8 vllm

powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying

Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web

CVSS 8.5 open-webui
CVE MEDIUM CVE-2025-12058

mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from

source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet

CVSS 8.6 lobe_chat
CVE MEDIUM CVE-2026-55414

Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF

CVSS 5.3 nl.nl-portal:form

IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

CVSS 8.5 n8n-mcp