58554 matches found

Wolfi, added 2026/03/31 7:48 a.m.

GHSA-GM2X-2G9H-CCM8 vulnerabilities

Vulnerabilities for packages: kargo, bom, gitsign, rancher-fleet, k9s, pulumi-language-java, gomplate, chezmoi, grafana, nfpm, pulumi-language-yaml, gitea, nuclei, tfsec, melange, pulumi, external-secrets-operator, apko, gitaly, zarf, xeol, gptscript, flux-source-controller, kubevela, witness,...

AI score 5.2
Exploits 0
Wolfi, added 2026/03/31 7:48 a.m.

CVE-2026-33762 vulnerabilities

Vulnerabilities for packages: kargo, bom, gitsign, rancher-fleet, k9s, pulumi-language-java, gomplate, chezmoi, grafana, nfpm, pulumi-language-yaml, gitea, nuclei, tfsec, melange, pulumi, external-secrets-operator, apko, gitaly, zarf, xeol, gptscript, flux-source-controller, kubevela, witness,...

CVSS 2.8 | AI score 5.1 | EPSS 0.00006
Exploits 0
Wolfi, added 2026/03/31 7:48 a.m.

CVE-2026-34165 vulnerabilities

Vulnerabilities for packages: kargo, bom, gitsign, rancher-fleet, k9s, pulumi-language-java, gomplate, chezmoi, grafana, nfpm, pulumi-language-yaml, gitea, nuclei, tfsec, melange, pulumi, external-secrets-operator, apko, gitaly, zarf, xeol, gptscript, flux-source-controller, kubevela, witness,...

CVSS 5 | AI score 7.7 | EPSS 0.00006
Exploits 0
Wolfi, added 2026/03/31 7:48 a.m.

GHSA-JHF3-XXHW-2WPP vulnerabilities

Vulnerabilities for packages: kargo, bom, gitsign, rancher-fleet, k9s, pulumi-language-java, gomplate, chezmoi, grafana, nfpm, pulumi-language-yaml, gitea, nuclei, tfsec, melange, pulumi, external-secrets-operator, apko, gitaly, zarf, xeol, gptscript, flux-source-controller, kubevela, witness,...

AI score 5.2
Exploits 0
CNNVD, added 2026/03/31 12:00 a.m.

OpenClaw security vulnerability

OpenClaw is an open-source AI assistant from the OpenClaw project. It contains a security vulnerability that an attacker can exploit to make a low-privileged operator approve nodes with a wider scope...

CVSS 8.6 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 3
CNNVD, added 2026/03/31 12:00 a.m.

OpenClaw security vulnerability

OpenClaw is an open-source AI assistant from the OpenClaw project. It contains a security vulnerability that an attacker can exploit to execute native code after an operator approves misleading command text...

CVSS 8 | AI score 5.9 | EPSS 0.00021
Exploits 0 | References 2
Github Security Blog, added 2026/03/30 7:05 p.m.

OpenClaw: `browser.request` still allows `POST /reset-profile` through the `operator.write` surface

Fixed in OpenClaw 2026.3.24, the current shipping release. Title: browser.request still allows POST /reset-profile through the operator.write surface in OpenClaw v2026.3.22 after GHSA-vmhq-cqm9-6p7q. Severity assessment: High. CWE: CWE-863 Incorrect Authorization. Proposed CVSS v3.1: 8.1...

CVSS 8.1 | AI score 5.9 | EPSS 0.00054
Exploits 1 | References 2 | Affected software 1
OSV, added 2026/03/30 7:05 p.m.

GHSA-XP9R-PRPG-373R OpenClaw: `browser.request` still allows `POST /reset-profile` through the `operator.write` surface

Fixed in OpenClaw 2026.3.24, the current shipping release. Title: browser.request still allows POST /reset-profile through the operator.write surface in OpenClaw v2026.3.22 after GHSA-vmhq-cqm9-6p7q. Severity assessment: High. CWE: CWE-863 Incorrect Authorization. Proposed CVSS v3.1: 8.1...

CVSS 8.1 | AI score 5.9 | EPSS 0.00054
Exploits 1 | References 2
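The two browser.request entries above carry only the advisory title: an earlier fix for browser.request was incomplete, and POST /reset-profile was still reachable from the operator.write surface. The page does not say what the remaining gap was. The TypeScript below is an added example, not OpenClaw's code or any advisory's, showing the general pattern a proxy-style method needs: browser.request forwards many (method, path) targets, so the scope it requires has to be derived from the canonical target rather than fixed once per RPC method, with the path normalised before the policy lookup so that spelling variants of one route resolve to one policy entry. Only POST /reset-profile and the operator.* scope names come from the page; the /tabs sample path, the rank table, the safe-method rule and every function name are assumptions.

```typescript
// Added example, not OpenClaw's code. browser.request proxies many (method, path)
// targets, so the required scope is derived from the canonical target. Only
// "POST /reset-profile" and the operator.* names come from the advisory; the
// other routes, the ranking and the normalisation rules are assumptions.

type Scope = "operator.read" | "operator.write" | "operator.admin";

interface BrowserRequest {
  method: string;
  path: string;
}

const RANK: Record<Scope, number> = {
  "operator.read": 1,
  "operator.write": 2,
  "operator.admin": 3,
};

// Destructive targets that stay admin-class even though browser.request as a
// whole sits on the operator.write surface (assumed table).
const ADMIN_TARGETS: ReadonlySet<string> = new Set(["POST /reset-profile"]);

// Canonical path: drop query and fragment, skip empty and "." segments (so "//"
// and "/./" disappear), resolve ".." without climbing above the root, and strip a
// trailing slash. Percent-decoding is deliberately not attempted here: it has to
// match the upstream server's own rules, which this example does not know.
function canonicalPath(raw: string): string {
  if (!raw.startsWith("/")) throw new Error("browser.request path must be absolute");
  const noQuery = raw.replace(/[?#][\s\S]*$/, "");
  const segments: string[] = [];
  for (const seg of noQuery.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      segments.pop();
      continue;
    }
    segments.push(seg);
  }
  return "/" + segments.join("/");
}

// "METHOD /path" key used for the policy lookup.
function canonicalTarget(req: BrowserRequest): string {
  return `${req.method.trim().toUpperCase()} ${canonicalPath(req.path)}`;
}

// Scope a proxied request needs: admin for listed destructive targets, read for
// safe methods, write for everything else (assumed rule).
function requiredScope(req: BrowserRequest): Scope {
  if (ADMIN_TARGETS.has(canonicalTarget(req))) return "operator.admin";
  const method = req.method.trim().toUpperCase();
  return method === "GET" || method === "HEAD" ? "operator.read" : "operator.write";
}

// Decision plus the scope that was required, so a denial can be logged precisely.
function authorizeBrowserRequest(held: Scope, req: BrowserRequest): { allowed: boolean; required: Scope } {
  const required = requiredScope(req);
  return { allowed: RANK[held] >= RANK[required], required };
}
```

The point of canonicalising before the lookup is that the policy table and the upstream router must agree on what "the same route" means; a table keyed on raw strings protects only the exact spelling it lists.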
Github Security Blog, added 2026/03/30 6:59 p.m.

OpenClaw: Mutating internal `/allowlist` chat commands missed `operator.admin` scope enforcement

Fixed in OpenClaw 2026.3.24, the current shipping release. Title: Mutating internal /allowlist chat commands missed operator.admin scope enforcement. CWE: CWE-862 Missing Authorization. CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, base score 6.5 (Medium). Severity assessment: Medium. This is a...

AI score 5.9
Exploits 0 | References 2 | Affected software 1
Snyk, added 2026/03/30 6:59 p.m.

Missing Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authorization through insufficient scope enforcement in the /allowlist command handler. An attacker can make unauthorized persistent changes to configuration and pairing-store...

CVSS 7.1 | AI score 5.9 | EPSS 0.00065
Exploits 1 | References 2
OSV, added 2026/03/30 6:59 p.m.

GHSA-VQVG-86CC-CG83 OpenClaw: Mutating internal `/allowlist` chat commands missed `operator.admin` scope enforcement

Fixed in OpenClaw 2026.3.24, the current shipping release. Title: Mutating internal /allowlist chat commands missed operator.admin scope enforcement. CWE: CWE-862 Missing Authorization. CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, base score 6.5 (Medium). Severity assessment: Medium. This is a...

CVSS 6.5 | AI score 5.9
Exploits 0 | References 2
Github Security Blog, added 2026/03/30 6:52 p.m.

OpenClaw: Gateway operator.write Can Reach Admin-Class Channel Allowlist Persistence via chat.send

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary: The shared /allowlist command persists channel authorization config through writeConfigFile... but does not re-validate gateway client scopes for internal gateway callers. Because chat.send is intentionally reachable to...

CVSS 7.1 | AI score 5.9 | EPSS 0.00038
Exploits 1 | References 2 | Affected software 1
Snyk, added 2026/03/30 6:52 p.m.

Improper Privilege Management

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Privilege Management through the /allowlist process. An attacker can escalate privileges by using an authenticated gateway client with operator.write scope to persist unauthorize...

CVSS 7.1 | AI score 5.9 | EPSS 0.00038
Exploits 1 | References 2
Github Security Blog, added 2026/03/30 6:41 p.m.

OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary: The OpenAI-compatible HTTP endpoint /v1/models accepts bearer auth but does not enforce operator method scopes. In contrast, the WebSocket RPC path enforces operator.read for models.list. A caller connected with operator.approvals...

CVSS 5.3 | AI score 5.9 | EPSS 0.00036
Exploits 0 | References 5 | Affected software 1
OSV, added 2026/03/30 6:41 p.m.

GHSA-68F8-9MHJ-H2MP OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary: The OpenAI-compatible HTTP endpoint /v1/models accepts bearer auth but does not enforce operator method scopes. In contrast, the WebSocket RPC path enforces operator.read for models.list. A caller connected with operator.approvals...

CVSS 5.3 | AI score 5.9 | EPSS 0.00036
Exploits 0 | References 5
Snyk, added 2026/03/30 6:41 p.m.

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the /v1/models HTTP endpoint, which does not enforce the required operator read scope. An attacker can access and enumerate model metadata by sending...

CVSS 5.3 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 2
RedHat Linux, added 2026/03/30 12:14 p.m.

Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.21.1

The 1.21.1 GA release of Red Hat OpenShift Pipelines Operator. For more details see the product documentation. The 1.21.1 release of Red Hat OpenShift Pipelines Operator...

CVSS 9.6 | AI score 5.8 | EPSS 0.00129
Exploits 1 | References 6
RedHat Linux, added 2026/03/30 10:40 a.m.

Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.21.1

The 1.21.1 GA release of Red Hat OpenShift Pipelines Operator. For more details see the product documentation. The 1.21.1 release of Red Hat OpenShift Pipelines Operator...

CVSS 9.6 | AI score 7.2 | EPSS 0.00043
Exploits 0 | References 5
Snyk, added 2026/03/29 3:49 p.m.

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the deleteSession process. An attacker can gain unauthorized access to privileged operations by exploiting the fallback mechanism that assigns a synthetic...

CVSS 8.8 | AI score 5.9 | EPSS 0.0005
Exploits 0 | References 3
Snyk, added 2026/03/29 3:46 p.m.

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the /sessions/:sessionKey/history route, which failed to enforce the required operator.read scope during authentication. An attacker can access session history...

CVSS 7.1 | AI score 5.9 | EPSS 0.0003
Exploits 0 | References 3
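The OpenClaw entries on this page for /v1/models, /sessions/:sessionKey/history and the /allowlist chat command describe one defect from three angles: a scope check that exists on one path (the WebSocket RPC dispatcher enforcing operator.read for models.list) but is missing on another (the HTTP route that stops at bearer auth, or an internal command handler reached through chat.send that never re-checks the originating client's scopes). The TypeScript below is an added example, not code from OpenClaw or from any of the advisory sources; it models that shape with a single gate that every entry point calls, and puts each vulnerable handler beside its fixed form. The scope names are the advisories'; the method table, the scope-implication rule, the MODELS sample data and all function names are assumptions.

```typescript
// Added example, not OpenClaw's code: one scope gate shared by the HTTP route, the
// WebSocket RPC dispatcher and internal chat-command handling. Scope names follow
// the advisories; the table, implication rule and function names are assumptions.

type Scope = "operator.read" | "operator.write" | "operator.admin" | "operator.approvals";

interface Client { id: string; scopes: readonly Scope[] }

// HTTP-style outcome so both transports can be compared the same way.
interface Reply { status: 200 | 401 | 403; body?: unknown }

// Scope each gateway method requires (assumed table).
const METHOD_SCOPES: ReadonlyMap<string, Scope> = new Map<string, Scope>([
  ["models.list", "operator.read"],
  ["sessions.history", "operator.read"],
  ["chat.send", "operator.write"],
  ["allowlist.mutate", "operator.admin"],
]);

// Wider scopes imply narrower ones; approvals is a separate lane (assumption).
const IMPLIED: Record<Scope, readonly Scope[]> = {
  "operator.admin": ["operator.admin", "operator.write", "operator.read"],
  "operator.write": ["operator.write", "operator.read"],
  "operator.read": ["operator.read"],
  "operator.approvals": ["operator.approvals"],
};

function hasScope(client: Client, needed: Scope): boolean {
  return client.scopes.some((held) => IMPLIED[held].includes(needed));
}

// 403 reply when the client may not call `method`, null when it may. Methods
// missing from the table are denied (fail closed), not silently allowed.
function requireScope(client: Client, method: string): Reply | null {
  const needed = METHOD_SCOPES.get(method);
  if (needed === undefined || !hasScope(client, needed)) {
    return { status: 403, body: `${method} requires ${needed ?? "an explicit scope entry"}` };
  }
  return null;
}

const MODELS: readonly string[] = ["model-a", "model-b"]; // constructed sample data

// WebSocket RPC path: every method goes through the table.
function wsRpc(client: Client, method: string): Reply {
  const denied = requireScope(client, method);
  if (denied !== null) return denied;
  return { status: 200, body: method === "models.list" ? MODELS : null };
}

// Vulnerable HTTP route: bearer auth resolved a client and that is the only check,
// so a client holding only operator.approvals can enumerate models.
function httpModelsVulnerable(client: Client | null): Reply {
  if (client === null) return { status: 401 };
  return { status: 200, body: MODELS };
}

// Fixed HTTP route: the same gate the RPC path uses, keyed by the same method name.
function httpModelsFixed(client: Client | null): Reply {
  if (client === null) return { status: 401 };
  const denied = requireScope(client, "models.list");
  if (denied !== null) return denied;
  return { status: 200, body: MODELS };
}

// Persisted configuration touched by the /allowlist chat command.
interface Config { allowlist: string[] }

type AllowlistHandler = (origin: Client, cfg: Config, entry: string) => Reply;

// Vulnerable handler: assumes the path that reached it was already authorised and
// writes without re-checking the admin-class scope.
const allowlistAddVulnerable: AllowlistHandler = (_origin, cfg, entry) => {
  cfg.allowlist.push(entry);
  return { status: 200 };
};

// Fixed handler: the originating client's scopes travel with the internal call and
// are checked against allowlist.mutate before anything is persisted.
const allowlistAddFixed: AllowlistHandler = (origin, cfg, entry) => {
  const denied = requireScope(origin, "allowlist.mutate");
  if (denied !== null) return denied;
  cfg.allowlist.push(entry);
  return { status: 200 };
};

// chat.send is legitimately reachable with operator.write; internal dispatch of a
// slash command must hand the caller's identity to the command handler unchanged.
function chatSend(client: Client, cfg: Config, text: string, handler: AllowlistHandler): Reply {
  const denied = requireScope(client, "chat.send");
  if (denied !== null) return denied;
  const prefix = "/allowlist add ";
  if (text.startsWith(prefix)) return handler(client, cfg, text.slice(prefix.length).trim());
  return { status: 200, body: "message sent" };
}
```

Two design choices carry the weight here: the gate is keyed by method name rather than by transport, so adding a second transport cannot create a second, weaker policy; and an internal call keeps the original Client object instead of a synthetic "internal" identity, so a handler that persists admin-class state has real scopes to check.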