Lucene search
K

147 matches found

CVE
CVE
added 2026/04/09 9:27 p.m.8 views

CVE-2026-35638

OpenClaw prior to 2026.3.22 exposes a privilege escalation in the Control UI. The vulnerability allows unauthenticated sessions to retain self-declared privileged scopes due to a device-less allow path in the trusted-proxy mechanism, bypassing device identity verification. Affected software compo...

8.8CVSS6AI score0.00288EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.19 views

CVE-2026-35638 OpenClaw < 2026.3.22 - Privilege Escalation via Self-Declared Scopes in Trusted-Proxy Control UI

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintai...

8.8CVSS0.00288EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.6 views

CVE-2026-34720

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

4.3CVSS5.9AI score0.001EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.3 views

PT-2026-31773

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw contains a privilege escalation issue in the Control UI. Unauthenticated sessions can retain self-declared privileged scopes without device identity verification. Attackers can exploit...

8.8CVSS5.9AI score0.00288EPSS
Exploits0References9
NVD
NVD
added 2026/04/08 7:25 p.m.9 views

CVE-2026-34720

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

4.3CVSS0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 6:11 p.m.19 views

CVE-2026-34720 Zammad has an origin validation error in SSO mechanism

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

2.3CVSS0.001EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:11 p.m.1 views

EUVD-2026-20560

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

2.3CVSS5.9AI score0.001EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 6:11 p.m.3 views

CVE-2026-34720 Zammad has an origin validation error in SSO mechanism

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

2.3CVSS5.9AI score0.001EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 6:11 p.m.11 views

CVE-2026-34720

CVE-2026-34720 affects the Zammad web-based helpdesk system. Prior to versions 7.0.1 and 6.5.4, the SSO mechanism did not verify that the header originated from a trusted SSO proxy/gateway before applying subsequent actions, representing an origin-validation weakness. The issue is fixed in 7.0.1 ...

4.3CVSS5.9AI score0.001EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.10 views

PT-2026-31417

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

2.3CVSS5.9AI score0.001EPSS
Exploits0References1
OSV
OSV
added 2026/04/03 3:5 a.m.2 views

GHSA-G374-MGGX-P6XC OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode

Summary Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode Current Maintainer Triage - Normalized severity: high - Assessment: v2026.3.28 still misses trusted-proxy scope clearing for non-Control-UI clients, so self-declared operator scopes can survive on a...

8.6CVSS5.9AI score0.0034EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/03 3:5 a.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the authentication process when using trusted-proxy authentication mode. An attacker can gain elevated privileges by exploiting incomplete scope-clearing,...

8.8CVSS5.9AI score0.0034EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:5 a.m.7 views

OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode

Summary Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode Current Maintainer Triage - Normalized severity: high - Assessment: v2026.3.28 still misses trusted-proxy scope clearing for non-Control-UI clients, so self-declared operator scopes can survive on a...

8.8CVSS5.9AI score0.0034EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/03 2:55 a.m.3 views

GHSA-MHR7-2XMV-4C4Q OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode

Summary HTTP operator endpoints lack browser-origin validation in trusted-proxy mode Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: This is a real trusted-proxy HTTP CSRF or browser-origin gap in released tags, but it is not critical because it depends on...

7.1CVSS5.9AI score0.00112EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/03 2:55 a.m.3 views

Cross-site Request Forgery (CSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the HTTP operator endpoints when running in trusted-proxy mode, as browser-origin validation is not enforced. An attacker can perform unauthorized actio...

7.1CVSS5.9AI score0.00112EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/03 2:55 a.m.8 views

OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode

Summary HTTP operator endpoints lack browser-origin validation in trusted-proxy mode Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: This is a real trusted-proxy HTTP CSRF or browser-origin gap in released tags, but it is not critical because it depends on...

7.1CVSS5.9AI score0.00112EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/26 7:50 p.m.5 views

GHSA-48VW-M3QC-WR99 OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths

Summary Trusted-proxy Control UI sessions without device identity could retain self-declared privileged scopes on the device-less allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

8.8CVSS5.9AI score0.00288EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/26 7:50 p.m.2 views

Reliance on Untrusted Inputs in a Security Decision

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision in the trusted-proxy Control UI session handling process. An attacker can retain privileged scopes without device identity by accessing...

8.8CVSS5.9AI score0.00288EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/26 7:50 p.m.6 views

OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths

Summary Trusted-proxy Control UI sessions without device identity could retain self-declared privileged scopes on the device-less allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

5.8AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-32057

OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui...

8.1CVSS5.9AI score0.00335EPSS
Exploits0References1
Rows per page
Query Builder