
9 matches found

OSV
added 2026/04/24 12:31 a.m., 7 views

GHSA-R7P2-R9G4-4XPH Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2f7j-rp58-mr42. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin...

CVSS 5.3, AI score 5.7, EPSS 0.00283
Exploits 0, References 4

GitHub Security Blog
added 2026/04/24 12:31 a.m., 6 views

Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2f7j-rp58-mr42. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin...

CVSS 5.3, AI score 5.7, EPSS 0.00283
Exploits 0, References 5, Affected Software 1

CVE
added 2026/04/23 9:57 p.m., 9 views

CVE-2026-41339

OpenClaw vulnerability CVE-2026-41339 affects OpenClaw prior to 2026.4.2. The issue is an information disclosure via Gateway connect snapshots, where configPath and stateDir metadata are exposed to non-admin authenticated clients. This allows recovery of host-specific filesystem paths and deploym...

CVSS 5.3, AI score 5.8, EPSS 0.00283
Exploits 0, References 3, Affected Software 1

CNNVD
added 2026/04/23 12:0 a.m., 9 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from exposing configPath and stateDir metadata to non-administrator authenticated clients during the Gateway...

CVSS 5.3, AI score 5.8, EPSS 0.00283
Exploits 0, References 1

Cvelist
added 2026/04/09 9:27 p.m., 19 views

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

CVSS 7.1, EPSS 0.00193
Exploits 0, References 4

Vulnrichment
added 2026/04/09 9:27 p.m., 3 views

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

CVSS 7.1, AI score 5.8, EPSS 0.00193
Exploits 0, References 4

CVE
added 2026/04/09 9:27 p.m., 21 views

CVE-2026-35644

OpenClaw before 2026.3.22 has an information disclosure vulnerability that allows attackers with operator.read scope to exfiltrate credentials embedded in channel baseUrl and httpUrl fields. Adversaries can retrieve sensitive authentication information from gateway snapshots via config.get and ch...

CVSS 7.1, AI score 5.9, EPSS 0.00193
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2026/04/09 12:0 a.m., 12 views

PT-2026-31777

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.22. Description: OpenClaw before version 2026.3.22 contains an information disclosure issue. Attackers with operator.read scope can expose credentials embedded in the channel baseUrl and httpUrl fields. Sensitiv...

CVSS 7.1, AI score 5.8, EPSS 0.00193
Exploits 0, References 8

Snyk
added 2026/03/26 9:15 p.m., 3 views

Insufficiently Protected Credentials

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the config.get and channels.status processes. An attacker can obtain sensitive credentials by accessing gateway snapshots that include unredacted...

CVSS 7.1, AI score 5.9, EPSS 0.00193
Exploits 0, References 3