Lucene search
K

25 matches found

CVE
CVE
added 2026/06/17 8:5 p.m.29 views

CVE-2026-32682

The CVE-2026-32682 entry concerns NGINX Gateway Fabric. The vulnerability arises when GRPCRoutes are configured; an authenticated user with permission to create or modify GRPCRoute resources can cause the control plane to terminate by sending undisclosed GRPCRoute configurations containing backen...

7.1CVSS5.5AI score0.00292EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/15 3:30 a.m.11 views

MLflow: unauthenticated access to certain FastAPI routes

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.4AI score0.01502EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/05/15 3:16 a.m.34 views

CVE-2026-2652

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS0.01502EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/15 2:13 a.m.6 views

CVE-2026-2652

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.5AI score0.01502EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.14 views

PT-2026-41260

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.10.0 Description An authentication bypass occurs when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authenticatio...

8.6CVSS7.4AI score0.01502EPSS
Exploits1References6
Snyk
Snyk
added 2026/05/06 9:52 p.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gRPC management server. An attacker can access sensitive BGP configuration and manipulate routing decisions by sending unauthorized gRPC requests from any pod within the cluster. This...

6.3CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 4:3 p.m.27 views

CVE-2026-35669 OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

8.8CVSS0.00298EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/10 4:3 p.m.6 views

EUVD-2026-21484

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32045

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication...

9.1CVSS5.8AI score0.00401EPSS
Exploits0References1
OSV
OSV
added 2026/03/21 3:31 a.m.3 views

GHSA-QWMF-95R9-GX9X Duplicate Advisory: OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hff7-ccv5-52f8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway...

8.2CVSS5.7AI score0.00401EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.8 views

Duplicate Advisory: OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hff7-ccv5-52f8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway...

9.1CVSS5.7AI score0.00401EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/21 1:17 a.m.6 views

CVE-2026-32045

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication...

9.1CVSS0.00401EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.4 views

CVE-2026-32045 OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication...

8.2CVSS5.8AI score0.00401EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/21 12:42 a.m.4 views

EUVD-2026-13939

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication...

8.2CVSS5.8AI score0.00401EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.32 views

CVE-2026-32045 OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication...

8.2CVSS0.00401EPSS
Exploits0References3
OSV
OSV
added 2026/03/21 12:42 a.m.4 views

CVE-2026-32045 OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication...

8.2CVSS5.9AI score0.00401EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 12:42 a.m.1 views

CVE-2026-32045

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication...

8.2CVSS5.8AI score0.00401EPSS
Exploits0References4
CVE
CVE
added 2026/03/21 12:42 a.m.29 views

CVE-2026-32045

CVE-2026-32045 affects OpenClaw: versions prior to 2026.2.21 apply tokenless Tailscale header authentication to HTTP gateway routes, bypassing token/password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper credentials. The...

9.1CVSS5.8AI score0.00401EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.5 views

PT-2026-26728

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication...

8.2CVSS5.8AI score0.00401EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/03 6:43 p.m.3 views

User Impersonation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation during authentication. An attacker can gain unauthorized access to HTTP gateway routes by exploiting the improper application of tokenless Tailscale authentication...

9.1CVSS5.9AI score0.00401EPSS
Exploits0References2
Rows per page
Query Builder