10 matches found
GHSA-GXX6-H3G6-VWJH SillyTavern has Authentication Bypass via SSO Header Injection
Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...
SillyTavern has Authentication Bypass via SSO Header Injection
Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...
CVE-2026-26322
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to...
CVE-2026-26322
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to...
CVE-2026-26322
CVE-2026-26322 affects the OpenClaw AI assistant. Prior to version 2026.2.14, the Gateway tool allowed a tool-supplied gatewayUrl to pass without proper restriction, enabling outbound WebSocket connections from the OpenClaw host to user-specified targets when a caller can invoke tools with gatewa...
CVE-2026-26322 OpenClaw Gateway tool allowed unrestricted gatewayUrl override
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to...
CVE-2026-26322 OpenClaw Gateway tool allowed unrestricted gatewayUrl override
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to...
OpenClaw Gateway tool allowed unrestricted gatewayUrl override
Summary The Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.14 planned What...
PT-2026-20952
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The Gateway tool in OpenClaw accepted a tool-supplied gatewayUrl without sufficient restrictions, potentially causing the OpenClaw host to attempt outbound WebSocket connections to user-specifie...
SUSE CVE-2014-9494
RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwarded-For header...