PocketClawAI security alerts
Sign in
vulnerabilitymedium · CVSS 6.5patched

CVE-2026-24447

ZeroClaw — local network scan via misconfigured iptables rule

Timeline
Disclosed2026-03-04Patch available2026-03-06Patched2026-05-03

Each rust dot is a disclosed event in this advisory's life: when it was published, when (if ever) a patch shipped and where things stand today (the dashed line). Ghosted dots are events that haven't happened yet.

Summary

ZeroClaw's bundled egress-deny iptables rule allowed RFC1918 destinations by default. A prompt-injected agent could scan the local network for HTTP services. Default policy tightened to loopback-only in 0.5.6.

Details

CVE IDCVE-2026-24447
Severitymedium (6.5)
CVSS vectorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Published2026-03-04
Patched2026-03-06
Affected versions0.5.0 – 0.5.5
Fixed in0.5.6
Exploited in the wildno known exploitation

Affected AI agents

ZeroClaw
Are you running ZeroClaw?Paste your docker-compose.yml or requirements.txt and we'll tell you in 10 seconds whether CVE-2026-24447 hits your stack.
Scan my AI stack →

What to do

  • If you run an affected version: upgrade to 0.5.6 immediately. Do not delay this for convenience reasons.
  • Rotate any credentials that may have been exposed via the affected component.
  • Audit your logs for indicators of exploitation — unexpected outbound traffic, anomalous tool calls, unfamiliar authenticated sessions.
  • If exploitation is confirmed, treat the host as compromised: rebuild from a clean image, rotate every secret on the host, audit lateral movement.

Sources

Are you affected?

Type the version you have installed. We check it against 0.5.0 – 0.5.5.

This is a best-effort check. When in doubt, upgrade to 0.5.6.

See also: all AI CVEs, AI agents tracker, scan your AI stack, Pro alerts, methodology.