Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.5 views

CVE-2026-28477

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

7.1CVSS5.8AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 10:16 p.m.10 views

CVE-2026-28477

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

7.1CVSS0.00133EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 10:16 p.m.3 views

CVE-2026-28477

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

7.1CVSS5.8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28477 OpenClaw < 2026.2.14 - OAuth State Validation Bypass in Manual Chutes Login Flow

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

7.1CVSS5.8AI score0.00133EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 9:59 p.m.5 views

EUVD-2026-9923

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

5.9CVSS6AI score0.00133EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.30 views

CVE-2026-28477 OpenClaw < 2026.2.14 - OAuth State Validation Bypass in Manual Chutes Login Flow

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

7.1CVSS0.00133EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.14 views

OpenClaw 安全漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has a security vulnerability that stems from an OAuth stateful authentication bypass issue in the manual Chutes login process, which can be exploited by an attacker to bypass CSRF protections for credential replacement...

7.1CVSS5.8AI score0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-23552

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The manual Chutes OAuth login flow in OpenClaw is susceptible to a bypass of OAuth CSRF state validation. This allows an attacker to bypass CSRF protection by convincing a user to paste...

7.1CVSS5.8AI score0.00133EPSS
Exploits0References8
Rows per page
Query Builder