OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation

Summary Gateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart. Impact A bearer token that should have been revoked by SecretRe...

CVE-2026-32045

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication...

GHSA-QWMF-95R9-GX9X Duplicate Advisory: OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hff7-ccv5-52f8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway...

OpenClaw 操作系统命令注入漏洞

OpenClaw is an automation tool for executing system commands. An authentication bypass vulnerability exists in versions prior to OpenClaw 2026.2.21 that stems from the system failing to enforce secure authentication when the allowInsecureAuth setting is explicitly enabled and the gateway is expos...

GHSA-HFF7-CCV5-52F8 OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes

Summary When tokenless Tailscale auth is enabled, OpenClaw should only allow forwarded-header auth for Control UI websocket authentication on trusted hosts. In affected versions, that tokenless path could also be used by HTTP gateway auth call sites, which could bypass token/password requirements...

CVE-2025-36274

IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user...

Security Bulletin: Multiple vulnerabilities in IBM Aspera HTTP Gateway

Summary Multiple vulnerabilities were addressed in IBM Aspera HTTP Gateway version 2.3.2. Vulnerability Details CVEID:CVE-2025-36274 DESCRIPTION: IBM Aspera HTTP Gateway stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user. CWE:CWE-312...

CVE-2025-36274 IBM Aspera HTTP Gateway information disclosure

IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user...

CVE-2025-36274

IBM Aspera HTTP Gateway (versions 2.0.0–2.3.1) is vulnerable to information disclosure: sensitive data stored in clear text in easily obtainable files that unauthenticated users can read. The CVE-2025-36274 entry specifies CWE-312 and a CVSS v3.1 base score of 7.5 (NETWORK, LOW attack complexity,...

IBM Aspera HTTP Gateway 安全漏洞

IBM Aspera HTTP Gateway is a large file transfer component from International Business Machines IBM. A security vulnerability exists in IBM Aspera HTTP Gateway version 2.3.1 and prior versions that originates from storing sensitive information in plaintext, which could be read by unauthenticated...

PT-2025-39643

Name of the Vulnerable Software and Affected Versions IBM Aspera HTTP Gateway versions 2.0.0 through 2.3.1 Description The IBM Aspera HTTP Gateway stores sensitive information in clear text within easily accessible files. An unauthenticated user can read these files. Recommendations Update to a...

SUSE CVE-2025-53634

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

GO-2025-3809 Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout in github.com/ctfer-io/chall-manager

Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout in github.com/ctfer-io/chall-manager...

CVE-2025-53634

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

Denial Of Service (DoS)

github.com/ctfer-io/chall-manager is vulnerable to Denial Of Service DoS. The vulnerability is due to the HTTP Gateway accepting headers indefinitely, enabling Slowloris attacks without requiring authentication or authorization...

CVE-2025-53634

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

CVE-2025-53634

CVE-2025-53634 affects Chall-Manager's HTTP Gateway. The vulnerability arises from no timeout on HTTP header processing, enabling a slowloris-style DoS that does not require authentication. A patch was implemented (commit 1385bd8) and shipped in v0.1.4, with remediation guidance to upgrade to tha...

CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout

Impact The HTTP Gateway processes headers, but with no timeout set. With a Slowloris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommende...