CLEANSTART-2026-HZ73294 Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service

Multiple security vulnerabilities affect the kube-fluentd-operator package. Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. See references for individual...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the HTTP /sessions/:sessionKey/kill route. As a result, any user with a toke...

Aiven Operator 安全漏洞

Aiven Operator is an open-source Kubernetes cluster management service developed by Aiven. Versions of Aiven Operator from 0.31.0 to 0.37.0 contained a security vulnerability. This vulnerability stemmed from the operator trusting the namespace values provided by users without verification. As a...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from allowing attackers with the operator.read scope to expose credentials, potentially leading to informati...

PT-2026-31659

Name of the Vulnerable Software and Affected Versions Aiven Operator versions 0.31.0 through 0.36.9 Description Aiven Operator allows provisioning and management of Aiven Services from a Kubernetes cluster. A developer with create permission on ClickhouseUser Custom Resource Definitions CRDs in...

PT-2026-31778

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description OpenClaw contains a privilege escalation issue in the gateway plugin subagent's deleteSession function. This function utilizes a synthetic operator.admin runtime scope, allowing attackers to...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of the operator.admin scope for mutated internal ACP chat commands, which could...

GHSA-XMRV-PMRH-HHX2 vulnerabilities

Vulnerabilities for packages: tflint, litestream, grype-db, velero-plugin-for-aws, crossplane-provider-aws-rds-fips, boring-registry, xeol, zarf, cloudbeat, crossplane-provider-aws-elasticache, crossplane-provider-aws-sns, gitaly-fips, cerbos, falcosidekick-fips, aws-nuke,...

CLEANSTART-2026-TI57220 url

Multiple security vulnerabilities affect the prometheus-operator package. url. See references for individual vulnerability details...

Addressable has a Regular Expression Denial of Service in Addressable templates

Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...

OpenClaw has an unspecified vulnerability (CNVD-2026-16694)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated operator with only operator.write privileges to access the administrator-specific browser profile management rout...

OpenClaw has an unspecified vulnerability (CNVD-2026-16698)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an attacker with operator.pairing privileges to cast tokens with broader privileges to obtain an operator.admin token and execute...

Addressable has a Regular Expression Denial of Service in Addressable templates

Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...

EUVD-2026-19747

Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or modify entities,...

GHSA-767M-XRHC-FXM7 OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send

Summary Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Telegram config or cron persistence bug, but it is an authenticated...

Improper Handling of Insufficient Permissions or Privileges

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the operator.write module reaching admin-class Talk Voice configuration persistence through chat.send. An attacker can gain...

OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send

Summary Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Talk Voice config persistence bug, but it is the same narrow...

OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels

Summary /phone arm//phone disarm Bypasses operator.admin Scope Check for External Channels Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Maintainers accepted this issue, fixed it in aa66ae1fc797d3298cc409ed2c5da69a89950a45 on 2026-03-27, and that fix shipped...

GHSA-H2V7-XC88-XX8C OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels

Summary /phone arm//phone disarm Bypasses operator.admin Scope Check for External Channels Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Maintainers accepted this issue, fixed it in aa66ae1fc797d3298cc409ed2c5da69a89950a45 on 2026-03-27, and that fix shipped...

CVE-2026-22683

Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or modify entities,...