Lucene search
+L

8 matches found

ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.13 views

PT-2026-53022

Name of the Vulnerable Software and Affected Versions Nebula Mesh affected versions not specified Description The web UI /ui/ fails to apply per-operator Certificate Authority CA scoping. This allows any authenticated non-admin operator to access, block, or delete resources belonging to other...

8.8CVSS6AI score
Exploits0References4
cve
cve
added 2026/04/10 4:3 p.m.23 views

CVE-2026-35663

CVE-2026-35663 affects OpenClaw prior to 2026.3.25. A privilege-escalation vulnerability allows non-admin operators to self-request broader scopes during backend reconnect, bypassing pairing requirements and reconnecting as operator.admin to gain unauthorized administrative privileges. Impact is ...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/04/10 4:3 p.m.1 views

CVE-2026-35663 OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3
euvd
euvd
added 2026/04/10 4:3 p.m.8 views

EUVD-2026-21472

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/10 4:3 p.m.30 views

CVE-2026-35663 OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS0.00276EPSS
Exploits0References3
snyk
snyk
added 2026/03/27 10:29 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the backend reconnect process. An attacker can escalate privileges by reconnecting with non-admin operator scopes and self-claiming higher privileges such as...

9.6CVSS5.9AI score0.00276EPSS
Exploits0References3
osv
osv
added 2026/03/27 10:29 p.m.3 views

GHSA-9HJH-FR4F-GXC4 OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Summary Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Backend-labeled...

9.3CVSS5.9AI score0.00276EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/03/27 12:0 a.m.10 views

PT-2026-31974

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description OpenClaw contains a privilege escalation issue that allows non-administrator users to request broader scopes during backend reconnection. This bypasses pairing requirements, enabling attackers t...

9.3CVSS5.8AI score0.00276EPSS
Exploits0References9
Rows per page
Query Builder