langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

CVSS 3.1 langchain-openai

OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks

OpenClaw: QQBot direct media upload skipped URL SSRF validation

used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This

counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input. This vulnerability is fixed

CVSS 3.7 langchain_core

Fickling has a detection bypass via stdlib network-protocol constructors

Paper 2512.14860v1

Penetration Testing of Agentic AI: A Comparative Security Analysis Across Models and Frameworks

system and 13 distinct attack scenarios that span prompt injection, Server Side Request Forgery (SSRF), SQL injection, and tool misuse. Our 130 total test cases reveal significant security disparities: AutoGen

medium relevance tool