Summary
ZeroClaw's bundled egress-deny iptables rule allowed RFC1918 destinations by default. A prompt-injected agent could scan the local network for HTTP services. Default policy tightened to loopback-only in 0.5.6.
Details
| Field | Value |
| --- | --- |
| CVE ID | CVE-2026-24447 |
| Severity | medium (6.5) |
| CVSS vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Published | 2026-03-04 |
| Patched | 2026-03-06 |
| Affected versions | 0.5.0 – 0.5.5 |
| Fixed in | 0.5.6 |
| Exploited in the wild | no known exploitation |
Affected projects
What to do
- If you run an affected version: upgrade to 0.5.6 immediately. Do not delay this for convenience reasons.
- Rotate any credentials that may have been exposed via the affected component.
- Audit your logs for indicators of exploitation — unexpected outbound traffic, anomalous tool calls, unfamiliar authenticated sessions.
- If exploitation is confirmed, treat the host as compromised: rebuild from a clean image, rotate every secret on the host, audit lateral movement.
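To make the summary and the audit step concrete, here is an added example (not ZeroClaw's own rule set; the chain layout, conntrack rule and both rule fragments are constructed to mirror the behaviour the advisory describes): one iptables-save fragment with the pre-0.5.6 style RFC1918 carve-outs, one loopback-only fragment, and an audit function that flags OUTPUT rules accepting RFC1918 destinations. On a real host, feed it `iptables-save` output to check whether the permissive default is still in effect.

```shell
#!/bin/sh
# Added example, not ZeroClaw's own rule set: the chain layout and rules
# below are constructed to mirror the behaviour the advisory describes.

# Pre-0.5.6 style default: egress denied, but RFC1918 ranges carved out,
# so an agent on the host can still reach HTTP services on the local network.
permissive_ruleset() {
cat <<'EOF'
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 10.0.0.0/8 -j ACCEPT
-A OUTPUT -d 172.16.0.0/12 -j ACCEPT
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Loopback-only default matching the 0.5.6 policy: nothing leaves the host
# except replies on connections that are already established.
# Apply with: loopback_only_ruleset | iptables-restore   (needs root)
loopback_only_ruleset() {
cat <<'EOF'
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Audit an iptables-save dump read from stdin (e.g. `iptables-save | audit_egress`).
# Prints every OUTPUT rule that ACCEPTs an RFC1918 destination and returns 1
# if any was found; returns 0 when no such carve-out exists.
audit_egress() {
  rfc1918='^-A OUTPUT .*-d (10\.[0-9.]+|172\.(1[6-9]|2[0-9]|3[01])\.[0-9.]+|192\.168\.[0-9.]+)(/[0-9]+)? .*-j ACCEPT'
  if grep -E "$rfc1918"; then
    return 1
  fi
  return 0
}

# Stand-alone run: audit both constructed rule sets.
permissive_ruleset | audit_egress || echo "permissive: RFC1918 egress still allowed"
loopback_only_ruleset | audit_egress && echo "loopback-only: no RFC1918 egress"
```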
Sources
- NIST NVD: CVE-2026-24447 on NVD