Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the delivery queue recovery. An attacker can bypass group tool-policy enforcement for media replay by replaying recovered queued outbound media without the origin...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization when handling collect-mode queue batches, where messages from different senders could be processed together using the authorization context of the final sender. An...

GHSA-JWRQ-8G5X-5FHM OpenClaw: Collect-mode queue batches could reuse the last sender authorization context

Summary Collect-mode queue batches could reuse the last sender authorization context. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Collect-mode queued messages from different senders could be drained as one batch using the final sender'...

OpenClaw: Collect-mode queue batches could reuse the last sender authorization context

Summary Collect-mode queue batches could reuse the last sender authorization context. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Collect-mode queued messages from different senders could be drained as one batch using the final sender'...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007244 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedrcreateuserqp error flow Avoid the following warning by making sure to free the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007362)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007362 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix kernel NULL pointer dereference error When rxequeueinit in the function rxeqpinitre...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007394)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007394 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187stop move the call of...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: cups (UTSA-2026-010665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010665 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007279)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007279 advisory. In the Linux kernel, the following vulnerability has been resolved: iavf: free qvectors before queues in iavfdisablevf iavffreequeues clears adapter-numactivequeues,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007590)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007590 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cmid...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007463)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007463 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007563)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007563 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blkcleanupqueue and diskrelease For avoiding to slow...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007390)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007390 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40evalidatequeuemap Ensure idx is within range of active/initialized...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007229)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007229 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007539)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007539 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: Fix hung when signal interrupts nbdstartdeviceioctl syzbot reported hung task 1. The followi...

PT-2026-37020

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description An authorization context reuse issue exists in collect-mode queue batches. This allows messages from different senders to inherit the authorization context of the final sender. An attacker can...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007417)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007417 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvsworkqueue During the detaching of Marvell's SAS/SATA...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007222)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007222 advisory. In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot 1, there is a memory...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: cups (UTSA-2026-007170)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007170 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a...

Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Qdisc...