Summary
Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions
References
Related vulnerabilities
- HIGH GHSA-V3F4-W7R7-V3HM
Uni-CLI: Legacy HTTP MCP transport accepted browser-originated localhost requests
- MEDIUM GHSA-MPC8-JXJH-QPGH
OpenClaw: Focus command could miss controlScope enforcement
- MEDIUM GHSA-72FW-CQH5-F324
OpenClaw: memory-wiki shared search could miss session visibility checks
- HIGH GHSA-HJWC-26PJ-V3PM
AgenticMail: Cross-agent task authorization bypass in AgenticMail API
- HIGH GHSA-J8CV-X86Q-RJ85
Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID
- HIGH GHSA-R3W8-2C5R-H9J9
Kirby: `pages.access` permission is not checked in the `site/find` REST API route