CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/11 4:46 p.m.•6 views

CVE-2026-45006

8.8CVSS5.8AI score0.00127EPSS

Cvelist•added 2026/05/11 4:46 p.m.•27 views

CVE-2026-45006 OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass

8.8CVSS0.00127EPSS

CNNVD•added 2026/05/11 12:0 a.m.•6 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the gateway tools config.apply and config.patch, allowing compromised models...

8.8CVSS5.9AI score0.00127EPSS

Exploits0References1

EUVD•added 2026/04/24 12:31 a.m.•1 views

EUVD-2026-25333

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent...

NVD•added 2026/04/23 10:16 p.m.•2 views

CVE-2026-41349

8.8CVSS0.00136EPSS

ATTACKERKB•added 2026/04/23 9:58 p.m.•1 views

CVE-2026-41349

Vulnrichment•added 2026/04/23 9:58 p.m.•1 views

CVE-2026-41349 OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch

8.8CVSS5.6AI score0.00136EPSS

CVE•added 2026/04/23 9:58 p.m.•12 views

CVE-2026-41349

CVE-2026-41349 affects OpenClaw prior to 2026.3.28. The vulnerability is described as an agentic consent bypass via the config.patch parameter, enabling LLM agents to silently disable execution approval and bypass security controls, allowing unauthorized operations without user consent. The conne...

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/23 12:0 a.m.•3 views

PT-2026-34780

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An agentic consent bypass allows LLM agents to silently disable execution approval. Remote attackers can exploit this by using the config.patch parameter to bypass security controls and execute...

8.8CVSS5.6AI score0.00136EPSS

Exploits0References7

CNNVD•added 2026/04/23 12:0 a.m.•7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from a proxy consent bypass vulnerability, which allowed LLM proxies to silently disable approval execution...

8.8CVSS5.9AI score0.00136EPSS

Exploits0References1

Github Security Blog•added 2026/04/03 3:3 a.m.•5 views

OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`

Summary Agentic Consent Bypass: LLM Agent Can Silently Disable Exec Approval via config.patch Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Maintainers accepted this issue, fixed it in 76411b2afc4ae721e36c12e0ea24fd23e2fed61e on 2026-03-27, and that fix shippe...

5.8AI score

Exploits0References3Affected Software1

Snyk•added 2026/04/03 3:3 a.m.•3 views

Improper Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization in the config.patch process. An attacker can gain unauthorized access to privileged actions by silently disabling execution approval mechanisms. Remediation Upgrade...

OSV•added 2026/04/03 3:3 a.m.•2 views

Exploits0References2

GHSA-V3QC-WRWX-J3PW OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`

8.2CVSS5.9AI score

Github Security Blog•added 2025/01/23 5:51 p.m.•21 views

Envoy Admin Interface Exposed through prometheus metrics endpoint

Impact A user with access to a Kubernetes cluster where Envoy Gateway is installed can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration...

7.1CVSS7.2AI score0.00181EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2025/01/23 4:52 a.m.•10 views

CVE-2025-24030

A flaw was found in Envoy Gateway. This vulnerability allows a user with access to a Kubernetes cluster where Envoy Gateway is installed to use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can terminate the Envoy proces...

7.1CVSS7AI score0.00181EPSS

Exploits0References7

OSV•added 2025/01/23 3:20 a.m.•6 views

CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...

7.1CVSS6.9AI score0.00181EPSS

Exploits0References6

Cvelist•added 2025/01/23 3:20 a.m.•22 views

CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint

7.1CVSS0.00181EPSS

Vulnrichment•added 2025/01/23 3:20 a.m.•7 views

CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint

7.1CVSS7.2AI score0.00181EPSS