Lucene search
+L

12 matches found

EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-45111

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows lower-trust callers to execute actions beyond their intended authorization. Attackers can exploit misconfigured input paths to execute or persist unauthorized actions when the...

8.8CVSS6.2AI score
Exploits0References2
CVE
CVE
added 11 hours ago7 views

CVE-2026-62211

OpenClaw versions prior to 2026.6.1 expose a credential redaction bypass in the trajectory export feature. The flaw allows lower-trust callers to access data that should remain within trusted boundaries by exploiting misconfigured input paths or feature accessibility in the export mechanism. Affe...

5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-45099

OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose...

5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-45091

OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege escalation vulnerability in isolated cron jobs that allows lower-trust callers to regain denied execution tools. Attackers can execute or persist actions beyond their intended authorization by leveraging misconfigured input paths in t...

8.8CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43538

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS6.2AI score0.0016EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-62198

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.4CVSS0.0016EPSS
Exploits0References2
OSV
OSV
added 4 days ago5 views

CVE-2026-62198 OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS6.2AI score0.0016EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-62198 OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS0.0016EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

CVE-2026-62194 OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.7CVSS6.2AI score0.00251EPSS
Exploits0References5
CVE
CVE
added 4 days ago8 views

CVE-2026-62192

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester authorizat...

8.1CVSS6.2AI score0.00233EPSS
Exploits0References2Affected Software1
OSV
OSV
added 4 days ago4 views

CVE-2026-62192 OpenClaw 2026.6.6 < 2026.6.9 Authorization Bypass

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester...

7.2CVSS6.2AI score0.00233EPSS
Exploits0References5
CVE
CVE
added 4 days ago16 views

CVE-2026-62186

OpenClaw is affected in versions before 2026.6.8 by an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides. The issue allows lower-trust callers to bypass admin authorization policies and execute restricted operations via misconfigured input paths. Exploitation details ar...

7.6CVSS6.2AI score0.00192EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder