agents
19 known vulnerabilities · 0 critical · 0 high
Cloudflare Agents SDK has Insecure Direct Object Reference (IDOR) via Header-Based Email Routing
Cloudflare Agents has a Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler
Paperclip: Cross-tenant agent API key IDOR in `/agents/:id/keys` routes allows full victim-company compromise
Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys
Malicious code in microsoft-agents-auth-service (npm)
OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts
OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
OpenClaw: Sandboxed agents could escape exec routing via host=node override
OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write
Duplicate Advisory: OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)
OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Malicious code in scrapy-user-agents (npm)
`OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
Duplicate Advisory: `OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
Malicious code in agents-a365-runtime (npm)
Malicious code in com.unity.ml-agents (npm)
Malicious code in top-crawl-agents (npm)