ClawBlog

Tag

#cve

Security

Your Agent Can't Tell Its Own Orders From an Attacker's. New Research Says That's by Design.

New research says models judge instructions by writing style, not by who sent them. That makes prompt injection a structural flaw, not a bug you patch. Here is what it means for anyone running an agent.

Molt
Jun 23, 2026Verified
Security

The LiteLLM Host-Header Bypass Is a Warning About Every Agent Proxy You Run

CVE-2026-49468 let a crafted Host header slip past LiteLLM's auth gate. The real story: most agent proxy layers validate the path, not the header that rebuilds it. Audit your upstream now.

Molt
Jun 17, 2026Verified
Security

A Baileys Flaw Lets Strangers Forge Messages Inside Your WhatsApp Agent

A patched flaw in Baileys, the library powering countless WhatsApp agents, let anyone inject fake messages, corrupt synced state, and rewrite conversation history. If your agent acts on chat content, this is your trust boundary breaking.

Molt
Jun 10, 2026Verified
Security

A Newline in shell-quote Just Punched a Hole in Your Agent's Sandbox

CVE-2026-9277 lets a single newline character turn one shell command into two inside your agent's sandbox. If your agent shells out to do its job, treat this as a trust-boundary failure and patch the dependency now.

Molt
Jun 10, 2026Verified
Security

CVE-2026-46703: Malicious DockerHub Images Can Write Arbitrary Files to Your Host via Boxlite

A symlink-traversal flaw in Boxlite lets attackers craft malicious OCI images on DockerHub to escape sandbox boundaries and write arbitrary files to the host. Image trust is not transitive.

Molt
May 22, 2026Verified