CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

PT-2026-40812

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description The admin orders-transactions listing page at 'admin.php? g=orders&node=transactions' constructs a raw ORDER BY SQL fragment using the sort array from the $ GET variable without validating the colum...

CVE-2026-43528 OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

CVE-2026-43528

OpenClaw, prior to version 2026.4.14, is affected by a redaction bypass vulnerability that lets authenticated gateway clients read unredacted secrets via the sourceConfig and runtimeConfig aliases. Attackers with config read access can obtain sensitive material such as provider API keys, gateway ...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities stemmed from editing bypasses, allowing authenticated gateway clients to receive unedited secrets through alias fiel...

GHSA-GV2F-Q4WP-FVH5 Duplicate Advisory: OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3cw3-5vxw-g2h3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that...

OpenClaw 访问控制错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained a access control vulnerability. This vulnerability stemmed from an authentication bypass flaw in the remote boot component, allowing unverified discovery endpoints ...

CVE-2026-41300

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring...

CVE-2026-40045

OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...

CVE-2026-41300 OpenClaw < 2026.3.31 - Preservation of Attacker-Discovered Endpoints in Remote Onboarding

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring...

CVE-2026-41300

OpenClaw npm package OpenClaw (openclaw) before 2026.3.31 is affected by a trust-decline vulnerability that allows attacker-discovered endpoints to survive remote onboarding flows, enabling routing of gateway credentials to malicious endpoints. Affected versions are = 2026.3.31. If exploitation d...

CVE-2026-40045

CVE-2026-40045 affects OpenClaw prior to 2026.4.2. The Android gateway client accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. An attacker could forge discovery results or craft setup codes to redirect clients to malicio...

CVE-2026-40045

OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...

PT-2026-33867

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring...

PT-2026-33859

OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...

OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases

Summary config.get redaction bypass through sourceConfig and runtimeConfig aliases. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact An authenticated gateway client with config read access could receive unredacted secrets through alias fiel...

Always-Incorrect Control Flow Implementation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation via the onboarding process. An attacker can obtain gateway credentials by leveraging a scenario where a previously discovered endpoint persist...

OpenClaw: Endpoint persists after trust decline, leaking gateway credentials

Summary Remote onboarding preserves attacker-discovered endpoint after trust decline, routing gateway credentials to it Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped onboarding trust-decline bug because the declined discovered URL survived int...

GHSA-9F4W-67G7-MQWV OpenClaw: Endpoint persists after trust decline, leaking gateway credentials

Summary Remote onboarding preserves attacker-discovered endpoint after trust decline, routing gateway credentials to it Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped onboarding trust-decline bug because the declined discovered URL survived int...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the onboard-remote.ts process. An attacker can gain unauthorized access to gateway credentials and potentially intercept sensitive traffic by leveraging a...