Lucene search
+L

40 matches found

NVD
NVD
added 11 hours ago6 views

CVE-2026-62220

OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availabili...

6.3CVSS
Exploits0References2
EUVD
EUVD
added 13 hours ago4 views

EUVD-2026-45116

OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can exploit mismatched environment configurations to...

8.8CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 13 hours ago9 views

CVE-2026-62226 OpenClaw 2026.3.28 < 2026.5.19 Authorization Bypass via Browser Act Route

OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks...

8.5CVSS
Exploits0References2
EUVD
EUVD
added 13 hours ago6 views

EUVD-2026-45112

OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable display names. Attackers with lower-trust access can perform actions requiring stronger authorization by exploiting the mutable display name binding in the affected featur...

5.4CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 13 hours ago7 views

EUVD-2026-45108

OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availabili...

6.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 13 hours ago5 views

EUVD-2026-45104

OpenClaw 2026.4.20 before 2026.5.28 contain a policy bypass in the QQBot media upload feature. A lower-trust caller or configured input path could cause the media upload to reach network destinations that should have been blocked by OpenClaw policy server-side request forgery. The practical impac...

5CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 13 hours ago3 views

CVE-2026-62214

OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured inpu...

6.5CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 13 hours ago9 views

CVE-2026-62214 OpenClaw < 2026.5.28 Bot Framework SSRF via serviceUrl Parameter Validation

OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured inpu...

6.5CVSS
Exploits0References2
CVE
CVE
added 13 hours ago6 views

CVE-2026-62209

OpenClaw 2026.5.10-beta.1 before 2026.6.5 contains an authorization bypass in the ClickClack agent-mode dispatch feature. When enabled and reachable, a lower-trust caller or configured input path could bypass the required policy checks (toolsAllow), allowing actions that should require stronger a...

8.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added 13 hours ago7 views

CVE-2026-62208

CVE-2026-62208 affects prior to 2026.6.5. When MCP SSE redirects are used with the affected feature enabled, Authorization headers could be forwarded, allowing a lower-trust caller or configured input path to execute or persist actions beyond the caller’s intended authorization. Impact depends o...

6.5CVSS6.2AI score
Exploits0References2
CVE
CVE
added 13 hours ago5 views

CVE-2026-62207

The CVE-2026-62207 entry affects OpenClaw versions before 2026.6.5, where an authentication bypass exists due to insufficient policy checks on configured input paths. This vulnerability allows lower-trust callers to reach admin-scoped tools and perform actions that require higher authorization, a...

8.8CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 13 hours ago5 views

EUVD-2026-45094

OpenClaw versions before 2026.6.9 contain a missing authorization vulnerability in Discord moderation actions. In affected versions, a lower-trust caller or configured input path could perform moderation actions that should have required a stronger authorization or policy check. Practical impact...

7.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added 13 hours ago5 views

CVE-2026-62203

OpenClaw vulnerable before version 2026.6.6 due to an environment variable filtering issue in host exec that fails to sanitize rustup startup variables. Affected product: OpenClaw. Root cause: improper sanitization of environment variables during rustup startup. Impact: attackers with lower-trust...

8.8CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43535

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...

8.7CVSS6.2AI score0.0023EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43538

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS6.2AI score0.0016EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43564

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS6.2AI score0.00192EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43567

OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the...

7.6CVSS6.1AI score0.00246EPSS
Exploits0References3
NVD
NVD
added 4 days ago3 views

CVE-2026-62200

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended...

8.8CVSS0.00295EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-62197

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS0.00199EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-62190

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...

8.8CVSS0.00285EPSS
Exploits0References2
Rows per page
Query Builder