Lucene search
K

24 matches found

Snyk
Snyk
added 2026/03/03 11:32 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the WebSocket connect process. An attacker can inject unauthorized node.event messages by connecting with a shared gateway token and claiming role=node without...

5.4CVSS5.9AI score0.00268EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/03 9:39 p.m.10 views

OpenClaw unpaired device identity can bypass operator pairing and self-assign operator scopes with shared auth

Summary A client using shared gateway auth could attach an unpaired device identity and request elevated operator scopes including operator.admin before pairing approval, enabling privilege escalation. Impact Attackers with valid shared gateway auth could self-assign higher operator scopes by...

5.9AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.8 views

PT-2026-26383

Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...

5.4CVSS6AI score0.00268EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.3 views

NetSupport Manager 安全漏洞

NetSupport Manager is a remote control software from NetSupport Manager, Inc. A security vulnerability exists in NetSupport Manager versions prior to 14.12.0001 that stems from the use of a reversible coding scheme to store a shared Gateway Key, which could lead to unauthorized access...

8.4CVSS6.7AI score0.00143EPSS
Exploits0References4
Rows per page
Query Builder