10 matches found
PT-2026-34781
OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session status function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invocations. Attackers can invoke session status without sandbox constraints to bypass session-policy...
CVE-2026-28469
OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...
CVE-2026-22043 RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed denyonly short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent’s full privilege...
GO-2025-4034 MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS in github.com/minio/minio
MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS in github.com/minio/minio...
FreeBSD : minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS (511f5aac-ab46-11f0-9446-f02f7497ecda)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 511f5aac-ab46-11f0-9446-f02f7497ecda advisory. mino reports: A privilege escalation vulnerability allows service accounts and STS Security Token Servi...
BIT-MINIO-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...
GHSA-JJJJ-JWHF-8RGR MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS
Summary A privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same user...
EUVD-2025-34834
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...
CVE-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...
CVE-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...