Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

43 matches found

RedhatCVE
RedhatCVEadded 2026/05/26 2:12 a.m.7 views

CVE-2026-43568

OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to...

7.1CVSS5.8AI score0.00034EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/07 8:21 p.m.6 views

CVE-2026-43585

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.8CVSS5.8AI score0.00143EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/06 9:31 p.m.6 views

EUVD-2026-28182

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.2CVSS5.8AI score0.00143EPSS
Exploits1References4
OSV
OSVadded 2026/05/06 9:31 p.m.4 views

GHSA-M8WM-R5VQ-QJPG Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xmxx-7p24-h892. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain...

9.2CVSS5.7AI score0.00143EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2026/05/06 9:31 p.m.6 views

Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xmxx-7p24-h892. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain...

9.8CVSS5.7AI score0.00143EPSS
Exploits1References5Affected Software1
NVD
NVDadded 2026/05/06 8:16 p.m.2 views

CVE-2026-43585

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.8CVSS0.00143EPSS
Exploits1References3
CVE
CVEadded 2026/05/06 7:49 p.m.12 views

CVE-2026-43585

OpenClaw (affected component: gateway authentication) exposes a bearer token validation flaw prior to version 2026.4.15. The issue occurs because the service captures the resolved bearer-auth configuration at startup and does not re-resolve authentication per request after SecretRef rotation, all...

9.8CVSS5.8AI score0.00143EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/06 7:49 p.m.6 views

CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.2CVSS5.8AI score0.00143EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/05/06 7:49 p.m.5 views

CVE-2026-43585

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.2CVSS5.8AI score0.00143EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/06 7:49 p.m.24 views

CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...

9.2CVSS0.00143EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/05/05 11:25 a.m.0 views

CVE-2026-43568 OpenClaw 2026.4.5 through 2026.4.9 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint

OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to...

7.1CVSS5.8AI score0.00034EPSS
Exploits0References3
CVE
CVEadded 2026/05/05 11:25 a.m.7 views

CVE-2026-43568

OpenClaw is affected: versions 2026.4.5 up to (but not including) 2026.4.10 contain a privilege-escalation flaw in the memory-dreaming configuration. With write-scoped gateway access, an attacker can modify persistent memory dreaming settings via the /dreaming endpoint to escalate privileges (adm...

7.1CVSS5.8AI score0.00034EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/05/05 11:25 a.m.32 views

CVE-2026-43568 OpenClaw 2026.4.5 through 2026.4.9 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint

OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to...

7.1CVSS0.00034EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/05 11:25 a.m.3 views

EUVD-2026-27287

OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to...

7.1CVSS5.8AI score0.00034EPSS
Exploits0References3
NVD
NVDadded 2026/04/28 7:37 p.m.0 views

CVE-2026-41378

OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate privileges by leveraging unrestricted...

8.8CVSS0.00285EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/28 6:9 p.m.3 views

EUVD-2026-26087

OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate privileges by leveraging unrestricted...

8.8CVSS6.3AI score0.00285EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/28 6:9 p.m.3 views

CVE-2026-41378

OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escalate privileges by leveraging unrestricted...

8.8CVSS6.3AI score0.00285EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/04/28 12:0 a.m.2 views

PT-2026-35763

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A privilege escalation issue allows paired nodes with role=node to dispatch node.event agent requests, granting unrestricted tool access on the gateway side. Attackers possessing trusted paired...

8.8CVSS6.5AI score0.00285EPSS
Exploits0References6
CVE
CVEadded 2026/04/16 12:8 a.m.4 views

CVE-2026-40503

OpenHarness CVE-2026-40503 affects releases prior to commit dd1d235. The issue is a path traversal vulnerability in the /memory show command that lets remote gateway users with chat access read arbitrary files outside the project memory directory, bypassing filesystem containment validation. CVSS...

7.1CVSS5.9AI score0.00015EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2026/03/29 1:17 p.m.2 views

CVE-2026-32922

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin toke...

9.9CVSS0.00321EPSS
Exploits0References2
Rows per page
Query Builder