CWE-441
Allowed-with-ReviewUnintended Proxy or Intermediary ('Confused Deputy')
Abstraction: Class · Status: Draft
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.
155 vulnerabilities reference this CWE, most recent first.
GHSA-GV3M-W9GF-FWXR
Vulnerability from github – Published: 2025-12-08 18:30 – Updated: 2025-12-08 21:30In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48536"
],
"database_specific": {
"cwe_ids": [
"CWE-441"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T17:16:14Z",
"severity": "HIGH"
},
"details": "In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-gv3m-w9gf-fwxr",
"modified": "2025-12-08T21:30:20Z",
"published": "2025-12-08T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48536"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/586f8dedd8e0e8a7ca5577cd1f06891f7e84e1e1"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GV46-4XFQ-JV58
Vulnerability from github – Published: 2026-03-02 23:24 – Updated: 2026-03-06 01:05Summary
A remote code execution (RCE) vulnerability in the gateway-to-node invocation path allowed an authenticated gateway client to bypass node-host exec approvals by injecting internal control fields into node.invoke parameters.
Affected Component
- Gateway method:
node.invokefor node commandsystem.run - Node host runner: exec approval gating for
system.run
Impact
If an attacker can authenticate to a gateway (for example via a leaked/shared gateway token or a paired device token with operator.write), they could execute arbitrary commands on connected node hosts that support system.run. This can lead to full compromise of developer workstations, CI runners, and servers running the node host.
Technical Details
The gateway forwarded user-controlled params to node hosts without sanitizing internal approval fields. The node host treated params.approved === true and/or params.approvalDecision as sufficient to skip the approval workflow.
Fix
Patched in OpenClaw 2026.2.14.
- Commits:
318379cdb8d045da0009b0051bd0e712e5c65e2da7af646fdab124a7536998db6bd6ad567d2b06b0c1594627421f95b6bc4ad7c606657dc75b5ad0ce0af76f5f0e93540efbdf054895216c398692afcd- Gateway strips untrusted approval control fields from
system.runuser input. - Gateway only re-attaches approval flags when
params.runIdreferences a validexec.approval.requestrecord and the request context matches. Approval IDs are bound to the requesting device identity (stable across reconnects), preventing replay by other clients. - Gateway forwards only an allowlisted set of
system.runparameters, preventing future control-field smuggling.
Mitigations
- Upgrade to
2026.2.14or later. - Restrict access to the gateway (do not expose it to untrusted networks/users).
- Rotate gateway credentials if you suspect token/password exposure.
- Disable remote command execution on nodes by blocking
system.runat the gateway (gateway.nodes.denyCommands) and/or by configuring node exec security todeny.
Credits
OpenClaw thanks @222n5 for reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-28466"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-441",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-02T23:24:54Z",
"nvd_published_at": "2026-03-05T22:16:19Z",
"severity": "CRITICAL"
},
"details": "### Summary\n\nA remote code execution (RCE) vulnerability in the gateway-to-node invocation path allowed an authenticated gateway client to bypass node-host exec approvals by injecting internal control fields into `node.invoke` parameters.\n\n### Affected Component\n\n- Gateway method: `node.invoke` for node command `system.run`\n- Node host runner: exec approval gating for `system.run`\n\n### Impact\n\nIf an attacker can authenticate to a gateway (for example via a leaked/shared gateway token or a paired device token with `operator.write`), they could execute arbitrary commands on connected node hosts that support `system.run`. This can lead to full compromise of developer workstations, CI runners, and servers running the node host.\n\n### Technical Details\n\nThe gateway forwarded user-controlled `params` to node hosts without sanitizing internal approval fields. The node host treated `params.approved === true` and/or `params.approvalDecision` as sufficient to skip the approval workflow.\n\n### Fix\n\nPatched in **OpenClaw `2026.2.14`**.\n\n- Commits:\n - `318379cdb8d045da0009b0051bd0e712e5c65e2d`\n - `a7af646fdab124a7536998db6bd6ad567d2b06b0`\n - `c1594627421f95b6bc4ad7c606657dc75b5ad0ce`\n - `0af76f5f0e93540efbdf054895216c398692afcd`\n- Gateway strips untrusted approval control fields from `system.run` user input.\n- Gateway only re-attaches approval flags when `params.runId` references a valid `exec.approval.request` record and the request context matches. Approval IDs are bound to the requesting device identity (stable across reconnects), preventing replay by other clients.\n- Gateway forwards only an allowlisted set of `system.run` parameters, preventing future control-field smuggling.\n\n### Mitigations\n\n- Upgrade to `2026.2.14` or later.\n- Restrict access to the gateway (do not expose it to untrusted networks/users).\n- Rotate gateway credentials if you suspect token/password exposure.\n- Disable remote command execution on nodes by blocking `system.run` at the gateway (`gateway.nodes.denyCommands`) and/or by configuring node exec security to `deny`.\n\n### Credits\n\nOpenClaw thanks @222n5 for reporting this issue.",
"id": "GHSA-gv46-4xfq-jv58",
"modified": "2026-03-06T01:05:53Z",
"published": "2026-03-02T23:24:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gv46-4xfq-jv58"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28466"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/0af76f5f0e93540efbdf054895216c398692afcd"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/318379cdb8d045da0009b0051bd0e712e5c65e2d"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/a7af646fdab124a7536998db6bd6ad567d2b06b0"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/c1594627421f95b6bc4ad7c606657dc75b5ad0ce"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-node-invoke-approval-bypass"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway"
}
GHSA-H7V4-CRG3-VM5G
Vulnerability from github – Published: 2025-12-08 18:30 – Updated: 2025-12-08 21:30In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48586"
],
"database_specific": {
"cwe_ids": [
"CWE-441"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T17:16:15Z",
"severity": "HIGH"
},
"details": "In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-h7v4-crg3-vm5g",
"modified": "2025-12-08T21:30:20Z",
"published": "2025-12-08T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48586"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/services/Telephony/+/851fc787e96189a37f88cb9eaa688087883357c3"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HFFF-23QP-388W
Vulnerability from github – Published: 2026-06-02 00:31 – Updated: 2026-06-02 15:32In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48570"
],
"database_specific": {
"cwe_ids": [
"CWE-441"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T22:16:17Z",
"severity": "HIGH"
},
"details": "In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-hfff-23qp-388w",
"modified": "2026-06-02T15:32:01Z",
"published": "2026-06-02T00:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48570"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HMCR-RMJQ-47QR
Vulnerability from github – Published: 2026-06-17 14:08 – Updated: 2026-06-17 14:08Summary
The spreadsheet-import endpoint axiosRequestMake could be used as a generic
HTTP proxy. Before the fix it was reachable unauthenticated, and its
URL-extension allowlist was a regex tested against the full URL string, so
URLs whose query string ended in .csv (for example
https://example.com/robots.txt?.csv) satisfied the gate even though the
underlying request was for robots.txt.
Details
Three layers of protection now apply to the endpoint:
- The controller is decorated with
@UseGuards(DataApiLimiterGuard, GlobalGuard)and@Acl('fetchViaUrl'), so unauthenticated callers and callers without the editor role are rejected before the request body is processed. - The extension allowlist is tested against
url.pathnameonly. Callers can no longer satisfy the regex by appending a.csvsuffix to the query string. - The downstream axios call is wired to
useAgent(url)fromrequest-filtering-agent, which blocks RFC 1918, loopback, link-local, and other private destinations at the socket layer.
Impact
Unauthenticated callers could previously coerce the NocoDB process to issue HTTP requests on their behalf, including to internal services reachable from the host. With the auth gate in place and the pathname-anchored extension check combined with socket-layer destination filtering, the endpoint is no longer usable as a generic proxy and can no longer reach private ranges.
Credit
This issue was reported by the GitHub Security Lab (@p-, @m-y-mo).
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nocodb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.301.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53931"
],
"database_specific": {
"cwe_ids": [
"CWE-441",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-17T14:08:26Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nThe spreadsheet-import endpoint `axiosRequestMake` could be used as a generic\nHTTP proxy. Before the fix it was reachable unauthenticated, and its\nURL-extension allowlist was a regex tested against the full URL string, so\nURLs whose query string ended in `.csv` (for example\n`https://example.com/robots.txt?.csv`) satisfied the gate even though the\nunderlying request was for `robots.txt`.\n\n### Details\nThree layers of protection now apply to the endpoint:\n\n- The controller is decorated with `@UseGuards(DataApiLimiterGuard, GlobalGuard)`\n and `@Acl(\u0027fetchViaUrl\u0027)`, so unauthenticated callers and callers without\n the editor role are rejected before the request body is processed.\n- The extension allowlist is tested against `url.pathname` only. Callers can\n no longer satisfy the regex by appending a `.csv` suffix to the query\n string.\n- The downstream axios call is wired to `useAgent(url)` from\n `request-filtering-agent`, which blocks RFC 1918, loopback, link-local,\n and other private destinations at the socket layer.\n\n### Impact\nUnauthenticated callers could previously coerce the NocoDB process to issue\nHTTP requests on their behalf, including to internal services reachable from\nthe host. With the auth gate in place and the pathname-anchored extension\ncheck combined with socket-layer destination filtering, the endpoint is no\nlonger usable as a generic proxy and can no longer reach private ranges.\n\n### Credit\nThis issue was reported by the [GitHub Security Lab](https://securitylab.github.com/)\n([@p-](https://github.com/p-), [@m-y-mo](https://github.com/m-y-mo)).",
"id": "GHSA-hmcr-rmjq-47qr",
"modified": "2026-06-17T14:08:26Z",
"published": "2026-06-17T14:08:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-hmcr-rmjq-47qr"
},
{
"type": "PACKAGE",
"url": "https://github.com/nocodb/nocodb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint"
}
GHSA-HWRQ-8WXH-Q4XV
Vulnerability from github – Published: 2026-07-14 20:02 – Updated: 2026-07-14 20:02Summary
Anyquery's server mode does not restrict outbound HTTP requests initiated by its built-in SQLite virtual table modules (e.g., json_reader, log_reader). Unauthenticated attackers connecting to the MySQL-compatible server port can create virtual tables pointing to internal network endpoints or Cloud Metadata IPs (e.g., http://169.254.169.254/latest/meta-data/). This allows attackers to perform Server-Side Request Forgery (SSRF), bypassing external firewalls to scan internal ports and exfiltrate cloud credentials.
Details
When Anyquery is launched in Server Mode (anyquery server), it binds to a TCP port and accepts MySQL protocol connections. The server handler allows the creation of dynamic virtual tables using modules like json_reader or log_reader, which internally use go-getter to fetch URLs. There is no protection mechanism to prevent fetches to local (127.0.0.0/8), private (10.0.0.0/8), or special (169.254.169.254) IP addresses.
An attacker can use this to map internal networks, interact with internal APIs, or steal IAM tokens from cloud metadata servers by fetching the data and reading it as a database table.
PoC (Proof of Concept)
- Start the server on the victim machine (e.g., an AWS EC2 instance):
bash anyquery server --host 0.0.0.0 --port 8070 - Connect from an attacker machine:
bash mysql -u root -h <VICTIM_IP> -P 8070 - Execute the payload to fetch AWS Metadata or hit a local API: ```sql -- Payload 1: Fetch AWS Cloud Metadata (IAM credentials) CREATE VIRTUAL TABLE aws_meta USING log_reader('http://169.254.169.254/latest/meta-data/'); SELECT * FROM aws_meta;
-- Payload 2: Access an internal application bound only to localhost CREATE VIRTUAL TABLE local_admin USING log_reader('http://localhost:8000/admin'); SELECT * FROM local_admin LIMIT 10; ```
Impact
- Confidentiality: High. Exfiltration of sensitive internal network data or cloud credentials.
- Integrity: Low. Possible interaction with state-changing internal REST APIs.
- Availability: None.
- CVSS Score: 8.6 (High) -
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Remediation
By default, in Server Mode, remote HTTP fetches to local/private IP ranges and known Cloud Metadata IP addresses should be blocked unless explicitly enabled via configuration.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 0.4.5"
},
"package": {
"ecosystem": "Go",
"name": "github.com/julien040/anyquery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54628"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-441",
"CWE-862",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-14T20:02:06Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\nAnyquery\u0027s `server` mode does not restrict outbound HTTP requests initiated by its built-in SQLite virtual table modules (e.g., `json_reader`, `log_reader`). Unauthenticated attackers connecting to the MySQL-compatible server port can create virtual tables pointing to internal network endpoints or Cloud Metadata IPs (e.g., `http://169.254.169.254/latest/meta-data/`). This allows attackers to perform Server-Side Request Forgery (SSRF), bypassing external firewalls to scan internal ports and exfiltrate cloud credentials.\n\n## Details\nWhen Anyquery is launched in **Server Mode** (`anyquery server`), it binds to a TCP port and accepts MySQL protocol connections. The server handler allows the creation of dynamic virtual tables using modules like `json_reader` or `log_reader`, which internally use `go-getter` to fetch URLs. There is no protection mechanism to prevent fetches to local (127.0.0.0/8), private (10.0.0.0/8), or special (169.254.169.254) IP addresses. \n\nAn attacker can use this to map internal networks, interact with internal APIs, or steal IAM tokens from cloud metadata servers by fetching the data and reading it as a database table.\n\n## PoC (Proof of Concept)\n1. Start the server on the victim machine (e.g., an AWS EC2 instance):\n ```bash\n anyquery server --host 0.0.0.0 --port 8070\n ```\n2. Connect from an attacker machine:\n ```bash\n mysql -u root -h \u003cVICTIM_IP\u003e -P 8070\n ```\n3. Execute the payload to fetch AWS Metadata or hit a local API:\n ```sql\n -- Payload 1: Fetch AWS Cloud Metadata (IAM credentials)\n CREATE VIRTUAL TABLE aws_meta USING log_reader(\u0027http://169.254.169.254/latest/meta-data/\u0027);\n SELECT * FROM aws_meta;\n\n -- Payload 2: Access an internal application bound only to localhost\n CREATE VIRTUAL TABLE local_admin USING log_reader(\u0027http://localhost:8000/admin\u0027);\n SELECT * FROM local_admin LIMIT 10;\n ```\n\n## Impact\n- **Confidentiality:** High. Exfiltration of sensitive internal network data or cloud credentials.\n- **Integrity:** Low. Possible interaction with state-changing internal REST APIs.\n- **Availability:** None.\n- **CVSS Score:** 8.6 (High) - `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N`\n\n## Remediation\nBy default, in Server Mode, remote HTTP fetches to local/private IP ranges and known Cloud Metadata IP addresses should be blocked unless explicitly enabled via configuration.",
"id": "GHSA-hwrq-8wxh-q4xv",
"modified": "2026-07-14T20:02:06Z",
"published": "2026-07-14T20:02:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/julien040/anyquery/security/advisories/GHSA-hwrq-8wxh-q4xv"
},
{
"type": "PACKAGE",
"url": "https://github.com/julien040/anyquery"
},
{
"type": "WEB",
"url": "https://github.com/julien040/anyquery/releases/tag/0.4.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Anyquery: Server-Side Request Forgery (SSRF) via Unrestricted SQLite Virtual Table Modules in Server Mode"
}
GHSA-J7RJ-X55G-HC96
Vulnerability from github – Published: 2025-09-04 21:31 – Updated: 2025-09-04 21:31In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48551"
],
"database_specific": {
"cwe_ids": [
"CWE-441"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T19:15:42Z",
"severity": "MODERATE"
},
"details": "In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.",
"id": "GHSA-j7rj-x55g-hc96",
"modified": "2025-09-04T21:31:38Z",
"published": "2025-09-04T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48551"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/13c30b464d042f3e00899ffcf1c02b76bc35f769"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-09-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JCCV-FJR8-JXPQ
Vulnerability from github – Published: 2025-12-08 18:30 – Updated: 2025-12-08 21:30In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48555"
],
"database_specific": {
"cwe_ids": [
"CWE-441"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T17:16:14Z",
"severity": "HIGH"
},
"details": "In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-jccv-fjr8-jxpq",
"modified": "2025-12-08T21:30:20Z",
"published": "2025-12-08T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48555"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/596c7b9911f2004df83b8d2708ad4b50e8d53805"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JJ45-XVQ5-RHH9
Vulnerability from github – Published: 2026-04-25 21:30 – Updated: 2026-05-05 20:24A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The patch is identified as 0284a5bcf92b5a7ee015300ce3051baf7ae4718d. Applying a patch is advised to resolve this issue.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/go-kratos/kratos/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.9.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6993"
],
"database_specific": {
"cwe_ids": [
"CWE-441"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T20:24:19Z",
"nvd_published_at": "2026-04-25T19:16:00Z",
"severity": "MODERATE"
},
"details": "A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The patch is identified as 0284a5bcf92b5a7ee015300ce3051baf7ae4718d. Applying a patch is advised to resolve this issue.",
"id": "GHSA-jj45-xvq5-rhh9",
"modified": "2026-05-05T20:24:19Z",
"published": "2026-04-25T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6993"
},
{
"type": "WEB",
"url": "https://github.com/go-kratos/kratos/issues/3810"
},
{
"type": "WEB",
"url": "https://github.com/go-kratos/kratos/pull/3814"
},
{
"type": "WEB",
"url": "https://github.com/Yanhu007/kratos/commit/0284a5bcf92b5a7ee015300ce3051baf7ae4718d"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-kratos/kratos"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/797099"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/359545"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/359545/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Kratos has a Confused Deputy issue"
}
GHSA-JJ67-W8GJ-6WHM
Vulnerability from github – Published: 2025-12-08 18:30 – Updated: 2025-12-08 21:30In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48628"
],
"database_specific": {
"cwe_ids": [
"CWE-441"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T17:16:19Z",
"severity": "HIGH"
},
"details": "In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-jj67-w8gj-6whm",
"modified": "2025-12-08T21:30:21Z",
"published": "2025-12-08T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48628"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/9489a5dcd3cdd426d5b39d9caf6bb78142af2399"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Enforce the use of strong mutual authentication mechanism between the two parties.
Mitigation
Whenever a product is an intermediary or proxy for transactions between two other components, the proxy core should not drop the identity of the initiator of the transaction. The immutability of the identity of the initiator must be maintained and should be forwarded all the way to the target.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.
CAPEC-465: Transparent Proxy Abuse
A transparent proxy serves as an intermediate between the client and the internet at large. It intercepts all requests originating from the client and forwards them to the correct location. The proxy also intercepts all responses to the client and forwards these to the client. All of this is done in a manner transparent to the client.