network-ai
js · network-ai · Heads-up
network-ai: Path traversal vulnerability in AgentRuntime sandbox
Path containment checks in AgentRuntime and SandboxPolicy used raw string prefix tests (startsWith), allowing sibling directories
20 Jun 2026 · schedule it
js · network-ai · Heads-up
network-ai ApprovalInbox Missing Authentication and Wildcard CORS
The ApprovalInbox HTTP server in network-ai <=5.
20 Jun 2026 · schedule it
js · network-ai · Heads-up
network-ai: Symlink traversal in EnvironmentManager.backup()
EnvironmentManager.backup() follows symlinks when collecting backup files, allowing an attacker who can place a symlink under the
20 Jun 2026 · schedule it
js · network-ai · Heads-up
Network-AI: Path Traversal in EnvironmentManager.restore()
EnvironmentManager.restore() in Network-AI before 5.12.2 does not validate backupId, allowing path traversal to copy arbitrary dir
20 Jun 2026 · schedule it
js · network-ai · Critical
network-ai: Arbitrary file deletion via backup manifest path (CVE-2024-XXXXX)
EnvironmentManager.listBackups() trusts the 'path' field in backup manifests, and EnvironmentManager.pruneBackups() passes that pa
20 Jun 2026 · act now