21 matches found
CVE-2026-42421
OpenClaw prior to 2026.4.8 suffers a session-management vulnerability in which existing WebSocket sessions persist after shared gateway token rotation. This allows an unauthorized party to maintain access to WebSocket connections even after token rotation, due to failure to disconnect existing sh...
CVE-2026-42421 OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rotation
OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token...
GHSA-5H3F-885M-V22W OpenClaw: Existing WS sessions survive shared gateway token rotation
Impact Existing WS sessions survive shared gateway token rotation. Rotating the shared gateway token did not disconnect existing shared-token WebSocket sessions. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant...
OpenClaw: Existing WS sessions survive shared gateway token rotation
Impact Existing WS sessions survive shared gateway token rotation. Rotating the shared gateway token did not disconnect existing shared-token WebSocket sessions. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the direct embedding of long-term shared gateway credentials in the pairing setup code, which can be exploited by an attacker to recover and reuse credentials v...
OpenClaw Authentication Bypass Vulnerability (CNVD-2026-14840)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication bypass vulnerability that originates from allowing clients authenticated with a shared gateway token to connect as a role=node without device authentication. An attacker could use thi...
CVE-2026-32042 OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present...
CVE-2026-32042
OpenClaw version set
CVE-2026-32042 OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present...
CVE-2026-32042
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present...
PT-2026-26725
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present...
CVE-2026-32001
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...
EUVD-2026-13253
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...
CVE-2026-29777
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...
CVE-2026-29777
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the WebSocket connect process. An attacker can inject unauthorized node.event messages by connecting with a shared gateway token and claiming role=node without...
OpenClaw's Node role device-identity bypass allows unauthorized node.event injection
Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...
GHSA-RV2Q-F2H5-6XMG OpenClaw's Node role device-identity bypass allows unauthorized node.event injection
Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...
OpenClaw unpaired device identity can bypass operator pairing and self-assign operator scopes with shared auth
Summary A client using shared gateway auth could attach an unpaired device identity and request elevated operator scopes including operator.admin before pairing approval, enabling privilege escalation. Impact Attackers with valid shared gateway auth could self-assign higher operator scopes by...
PT-2026-26383
Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...