Xubin Ren

3 exploits Active since Jun 2026
CVE-2026-49138 MEDIUM
Nanobot < 0.2.1 - Server-Side Request Forgery via Web Fetch Tool Redirect Following
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. The tool validates the URL it is given, but hands the request to httpx with automatic redirect following enabled, so httpx issues the request to the internal host named in the Location header before the final resolved URL is ever checked. An attacker therefore only needs a public host under their control that answers with a redirect to the internal target.
CVSS 5.0
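The contrast between the flawed and the fixed pattern, as an added example that is not Nanobot's code: redirects are followed by hand so that every hop is resolved and checked before its request goes out, instead of validating once and letting the client follow 3xx responses on its own. The `FakeTransport`, the route table, the fake resolver and the address `93.184.216.34` are constructed stand-ins so the example runs offline; in production `send` would be an httpx call made with `follow_redirects=False` and the resolver would be the system one.

```python
"""Hop-by-hop SSRF guard for redirect following (added example, not Nanobot's code)."""
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 5
REDIRECT_CODES = (301, 302, 303, 307, 308)
Response = Tuple[int, Dict[str, str], bytes]


def resolve(host: str) -> List[str]:
    """Resolve a hostname to all of its addresses with the system resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_forbidden_ip(ip: str) -> bool:
    """True for loopback, RFC 1918/ULA, link-local (incl. 169.254.169.254), unspecified,
    multicast and reserved addresses; IPv4-mapped IPv6 is unwrapped first."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_unspecified or addr.is_multicast or addr.is_reserved)


def validate_url(url: str, resolver: Callable[[str], List[str]] = resolve) -> None:
    """Raise ValueError unless url is http(s) and every address its host maps to is public."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported or hostless URL: {url}")
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        ips = [host]                      # literal address, nothing to resolve
    except ValueError:
        ips = resolver(host)
    if not ips:
        raise ValueError(f"unresolvable host: {host}")
    for ip in ips:
        if is_forbidden_ip(ip):
            raise ValueError(f"{url} maps to forbidden address {ip}")


def fetch_guarded(url: str, send: Callable[[str], Response], resolver=resolve) -> Tuple[int, bytes]:
    """Follow redirects manually: each hop is validated before its request is issued."""
    for _ in range(MAX_REDIRECTS + 1):
        validate_url(url, resolver)
        status, headers, body = send(url)
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)
            continue
        return status, body
    raise ValueError("too many redirects")


def fetch_vulnerable(url: str, send: Callable[[str], Response], resolver=resolve) -> Tuple[int, bytes]:
    """The pattern the advisory describes: the supplied URL is checked once, then a client
    that follows 3xx on its own is handed the request. Any check of the final URL would run
    only after the internal host has already been contacted."""
    validate_url(url, resolver)
    status, _headers, body = send(url)
    return status, body


class FakeTransport:
    """Constructed stand-in for an HTTP client; records every URL it would actually hit."""
    def __init__(self, routes: Dict[str, Response], follow_redirects: bool):
        self.routes, self.follow_redirects, self.requested = routes, follow_redirects, []

    def __call__(self, url: str) -> Response:
        for _ in range(MAX_REDIRECTS + 1):
            self.requested.append(url)
            status, headers, body = self.routes[url]
            location = headers.get("Location")
            if self.follow_redirects and status in REDIRECT_CODES and location:
                url = urljoin(url, location)
                continue
            return status, headers, body
        raise ValueError("too many redirects")


# Constructed scenario: an attacker's public page that 302s to a loopback admin endpoint.
ROUTES: Dict[str, Response] = {
    "https://public.example/go": (302, {"Location": "http://127.0.0.1:8080/admin"}, b""),
    "http://127.0.0.1:8080/admin": (200, {}, b"internal admin page"),
    "https://public.example/ok": (200, {}, b"public page"),
}
FAKE_DNS = {"public.example": ["93.184.216.34"]}   # constructed public address


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


def demo() -> dict:
    """Run both fetchers against the scenario and report which hosts were contacted."""
    vuln = FakeTransport(ROUTES, follow_redirects=True)
    _status, body = fetch_vulnerable("https://public.example/go", vuln, fake_resolve)
    guarded = FakeTransport(ROUTES, follow_redirects=False)
    try:
        fetch_guarded("https://public.example/go", guarded, fake_resolve)
        error = None
    except ValueError as exc:
        error = str(exc)
    return {"vulnerable_requested": vuln.requested, "vulnerable_body": body,
            "guarded_requested": guarded.requested, "guarded_error": error,
            "guarded_ok": fetch_guarded("https://public.example/ok",
                                        FakeTransport(ROUTES, False), fake_resolve)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Resolving the host yourself and checking every returned address closes the obvious hostname tricks (a public name with an A record of 127.0.0.1), but a resolver that is called once for the check and again by the HTTP client is still open to DNS rebinding; pinning the checked address into the connection is the next step, and is outside what this advisory describes.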
CVE-2026-49139 HIGH
Nanobot < 0.2.1 - Server-Side Request Forgery via Microsoft Teams Channel ServiceURL Poisoning
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. The handler stores the serviceUrl from each inbound activity as the conversation reference without checking that it points at a Bot Framework connector host, so an attacker who posts a crafted activity to the Teams webhook poisons the stored reference; every subsequent bot reply for that conversation is then sent, with the Bot Framework bearer token in its Authorization header, to the attacker-controlled host.
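The poisoning sequence and one way to close it, as an added example that is not Nanobot's code: the serviceUrl is checked against a connector host allowlist when the conversation reference is stored, and checked again immediately before a bearer token is attached to an outbound request, so a reference that was poisoned by some other path still cannot leak the token. The allowlist (`smba.trafficmanager.net`, `botframework.com`), the activity payloads, the token string and the in-memory outbox are assumptions constructed for this example; tune the allowlist to the connector hosts your region and cloud actually use.

```python
"""serviceUrl validation at store time and at send time (added example, not Nanobot's code)."""
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Assumption: connector hosts the Bot Framework uses for Teams. Adjust per region/cloud.
TRUSTED_SERVICE_HOSTS = ("smba.trafficmanager.net", "botframework.com")


def is_trusted_service_url(service_url: str) -> bool:
    """https only, no userinfo, host equal to or a subdomain of a trusted connector host."""
    p = urlsplit(service_url)
    if p.scheme != "https" or not p.hostname or p.username or p.password:
        return False
    host = p.hostname.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_SERVICE_HOSTS)


class ConversationStore:
    """Maps conversation id -> serviceUrl used for later replies."""
    def __init__(self) -> None:
        self.refs: Dict[str, str] = {}

    def record_unvalidated(self, activity: dict) -> None:
        """Pattern the advisory describes: whatever serviceUrl the inbound activity carries is kept."""
        self.refs[activity["conversation"]["id"]] = activity["serviceUrl"]

    def record(self, activity: dict) -> None:
        """Hardened: refuse to overwrite the reference with an untrusted serviceUrl."""
        url = activity.get("serviceUrl", "")
        if not is_trusted_service_url(url):
            raise ValueError(f"rejected untrusted serviceUrl {url!r}")
        self.refs[activity["conversation"]["id"]] = url


Request = Tuple[str, Dict[str, str], dict]   # (url, headers, json body)


def send_reply(store: ConversationStore, conv_id: str, text: str, token: str,
               outbox: List[Request], enforce: bool) -> str:
    """Build the connector request for a reply. With enforce=True the bearer token is only
    attached when the destination is trusted, independent of what was stored."""
    base = store.refs[conv_id].rstrip("/")
    url = f"{base}/v3/conversations/{conv_id}/activities"
    if enforce and not is_trusted_service_url(base):
        raise ValueError(f"refusing to send bearer token to {base}")
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    outbox.append((url, headers, {"type": "message", "text": text}))
    return url


# Constructed activities: a legitimate Teams one and a forged one for the same conversation.
CONV = "19:abc123@thread.tacv2"
LEGIT = {"type": "message", "channelId": "msteams",
         "serviceUrl": "https://smba.trafficmanager.net/amer/",
         "conversation": {"id": CONV}, "from": {"id": "29:user"}, "text": "hi"}
FORGED = dict(LEGIT, serviceUrl="https://attacker.example/")
TOKEN = "constructed-not-a-real-token"


def demo() -> dict:
    """Poison a vulnerable store and a hardened store; report where the token would go."""
    vuln, vuln_out = ConversationStore(), []
    vuln.record_unvalidated(LEGIT)
    vuln.record_unvalidated(FORGED)                 # poisons the stored reference
    vuln_url = send_reply(vuln, CONV, "reply", TOKEN, vuln_out, enforce=False)

    hard, hard_out = ConversationStore(), []
    hard.record(LEGIT)
    try:
        hard.record(FORGED)
        forged_accepted = True
    except ValueError:
        forged_accepted = False
    hard_url = send_reply(hard, CONV, "reply", TOKEN, hard_out, enforce=True)
    return {"vulnerable_token_destination": urlsplit(vuln_url).hostname,
            "vulnerable_outbox_has_token": any(TOKEN in h["Authorization"] for _, h, _ in vuln_out),
            "hardened_forged_accepted": forged_accepted,
            "hardened_token_destination": urlsplit(hard_url).hostname}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The suffix match is deliberately strict: `evil-smba.trafficmanager.net` and `smba.trafficmanager.net.attacker.example` both fail, and a URL with userinfo (`https://smba.trafficmanager.net@attacker.example/`) is rejected outright rather than parsed for its "real" host.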
CVE-2026-49140 MEDIUM
Nanobot < 0.2.1 - Authenticated Denial of Service via Matrix Media Download Handler
Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. The handler starts the download regardless of whether the event declares a valid size and reads the whole response body into memory before the size check rejects it, so an attacker can send several media events at once, each with an omitted or invalid declared size and pointing at large media, and have the process materialize all of them concurrently until it degrades.
CVSS 4.3
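The materialize-then-reject pattern beside a bounded version, as an added example that is not Nanobot's code: the hardened path refuses events whose `content.info.size` is missing, non-integer, negative or over a cap before any bytes are fetched, and while streaming it abandons the body as soon as it exceeds the declared size, so a lying event costs at most one chunk over the limit rather than the whole file. The 64 KiB cap, the event payloads and the `CountingStream` stand-in for a streamed HTTP body are assumptions constructed for this example.

```python
"""Bounded Matrix media download (added example, not Nanobot's code)."""
from typing import Iterable, Iterator

MAX_MEDIA_BYTES = 64 * 1024          # assumption: per-download cap, tune for the deployment
CHUNK = 4096


def declared_size(event: dict) -> int:
    """Return content.info.size from a Matrix media event, raising ValueError if it is
    absent, not an integer, negative, or larger than the cap."""
    info = event.get("content", {}).get("info") or {}
    size = info.get("size")
    if isinstance(size, bool) or not isinstance(size, int) or size < 0:
        raise ValueError("missing or invalid size metadata")
    if size > MAX_MEDIA_BYTES:
        raise ValueError(f"declared size {size} exceeds cap {MAX_MEDIA_BYTES}")
    return size


class CountingStream:
    """Constructed stand-in for a streamed HTTP body of `total` bytes; counts bytes handed out."""
    def __init__(self, total: int) -> None:
        self.total, self.consumed = total, 0

    def __iter__(self) -> Iterator[bytes]:
        while self.consumed < self.total:
            n = min(CHUNK, self.total - self.consumed)
            self.consumed += n
            yield b"\x00" * n


def download_vulnerable(event: dict, stream: Iterable[bytes]) -> bytes:
    """Pattern the advisory describes: the whole body is read into memory first and only
    then compared against the limit; the event's metadata is never consulted."""
    body = b"".join(stream)
    if len(body) > MAX_MEDIA_BYTES:
        raise ValueError("media too large")
    return body


def download_bounded(event: dict, stream: Iterable[bytes]) -> bytes:
    """Hardened: validate metadata up front, then stop reading the moment the body exceeds
    the declared size (which declared_size has already bounded by the cap)."""
    limit = declared_size(event)          # raises before a single byte is fetched
    buf = bytearray()
    for chunk in stream:
        buf += chunk
        if len(buf) > limit:
            raise ValueError(f"body exceeded declared size {limit}")
    return bytes(buf)


# Constructed events: one with no size, one lying with a small size, one honest.
NO_SIZE = {"type": "m.room.message", "content": {"msgtype": "m.file", "body": "a.bin",
           "url": "mxc://example.org/abc", "info": {"mimetype": "application/octet-stream"}}}
LYING = {"type": "m.room.message", "content": {"msgtype": "m.file", "body": "b.bin",
         "url": "mxc://example.org/def", "info": {"size": 8192}}}
HONEST = {"type": "m.room.message", "content": {"msgtype": "m.file", "body": "c.bin",
          "url": "mxc://example.org/ghi", "info": {"size": 8192}}}
LARGE = 1024 * 1024                       # what the server actually serves for a.bin / b.bin


def demo() -> dict:
    """Run both downloaders and report how many bytes each actually pulled in."""
    vuln_stream = CountingStream(LARGE)
    try:
        download_vulnerable(NO_SIZE, vuln_stream)
        vuln_error = None
    except ValueError as exc:
        vuln_error = str(exc)

    no_size_stream = CountingStream(LARGE)
    try:
        download_bounded(NO_SIZE, no_size_stream)
        no_size_error = None
    except ValueError as exc:
        no_size_error = str(exc)

    lying_stream = CountingStream(LARGE)
    try:
        download_bounded(LYING, lying_stream)
        lying_error = None
    except ValueError as exc:
        lying_error = str(exc)

    honest = download_bounded(HONEST, CountingStream(8192))
    return {"vulnerable_bytes_materialized": vuln_stream.consumed, "vulnerable_error": vuln_error,
            "no_size_bytes_read": no_size_stream.consumed, "no_size_error": no_size_error,
            "lying_bytes_read": lying_stream.consumed, "lying_error": lying_error,
            "honest_len": len(honest)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The per-download bound addresses the memory half of the problem; the "multiple concurrent events" half still wants a bound on how many downloads run at once (an `asyncio.Semaphore` around the download in an async handler is the usual shape), so that the worst case is a fixed number of capped buffers rather than one per inbound event.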