12 matches found
CVE-2026-53827
OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by...
CVE-2026-53827 OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding
OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by...
CVE-2026-53827 OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding
OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by...
PT-2026-49031
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An issue in message.action forwarding allows model-controlled metadata to forward action payloads containing Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept...
CVE-2026-7533
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...
CVE-2026-42421
OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token...
CVE-2026-32001
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...
OpenClaw's dashboard leaked gateway auth material via browser URL/query and localStorage
OpenClaw's macOS Dashboard flow exposed Gateway authentication material to browser-controlled surfaces. Before the fix, the macOS app appended the shared Gateway token and password to the Dashboard URL query string when opening the Control UI in the browser. The Control UI then imported the token...
OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback
Vulnerability OpenClaw reused gateway.auth.token and gateway.remote.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay=hash and commands.ownerDisplaySecret was unset. This created secret dual-use between gateway authentication and prompt metadata hashing...
Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw formerly Clawdbot and Moltbot configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the...
Credential Exposure
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Credential Exposure in the form of gateway query parameter hook tokens being sent in websocket responses. An attacker who convinces a user to follow a link with a malicious gatewayUrl URL...
PT-2026-1730
Name of the Vulnerable Software and Affected Versions Ansible Automation Platform AAP affected versions not specified Description A flaw exists in Ansible Automation Platform AAP where read-only scoped OAuth2 API Tokens, enforced at the Gateway level for Gateway-specific operations, can be used t...