10 matches found

Reliance on IP Address for Authentication
Source: Snyk, added 2026/03/04 7:17 p.m. (2 views)

Overview: openclaw: 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Reliance on IP Address for Authentication in the authorizeCanvasRequest process. An attacker can gain unauthorized access to canvas endpoints and sensitive interface content by sending HT...

CVSS: 7.6 | AI score: 5.8
Exploits: 0 | References: 2
Command Injection
Source: Snyk, added 2026/03/03 11:19 p.m. (3 views)

Overview: @openclaw/lobster: Adds the lobster agent tool as an optional plugin tool. Affected versions of this package are vulnerable to Command Injection via the fallback process on Windows systems when certain spawn failures occur and shell: true is used. An attacker can execute arbitrary...

CVSS: 7 | AI score: 6 | EPSS: 0.00525
Exploits: 0 | References: 2
Command Injection
Source: Snyk, added 2026/03/03 9:50 p.m. (3 views)

Overview: openclaw: 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Command Injection via the gateway.cmd script generation. An attacker can execute arbitrary commands by supplying specially crafted environment variable values containing Windows shell...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00637
Exploits: 0 | References: 2
Missing Authentication for Critical Function
Source: Snyk, added 2026/03/03 9:42 p.m. (1 view)

Overview: openclaw: 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the /extension endpoint when the Chrome extension relay feature is enabled. An attacker can gain unauthorized access to extension-relay...

CVSS: 5.1 | AI score: 5.8
Exploits: 0 | References: 2
Improper Encoding or Escaping of Output
Source: Snyk, added 2026/03/03 9:37 p.m. (3 views)

Overview: openclaw: 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the script generation process in Windows deployments due to improper handling of command-line arguments in gateway.cmd. An attacker can execute...

CVSS: 8.5 | AI score: 6 | EPSS: 0.00571
Exploits: 0 | References: 2
Incorrect Authorization
Source: Snyk, added 2026/03/03 9:36 p.m. (3 views)

Overview: openclaw: 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization due to incomplete access checks in authenticated DM sessions for owner-only gateway tools. An attacker can perform unauthorized gateway actions by invoking specific tool...

CVSS: 4.8 | AI score: 5.8
Exploits: 0 | References: 2
Improper Certificate Validation
Source: Snyk, added 2026/03/03 9:35 p.m. (2 views)

Overview: openclaw: 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Certificate Validation via channels.imessage.remoteHost. An attacker can execute arbitrary commands or intercept sensitive data by exploiting trust-on-first-use SSH host key...

CVSS: 5.4 | AI score: 6
Exploits: 0 | References: 3
UNIX Symbolic Link (Symlink) Following
Source: Snyk, added 2026/02/20 9:05 p.m. (3 views)

Overview: openclaw: 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the packageskill.py script. An attacker can cause unintentional disclosure of local files from the packaging machine by including symlinks in a...

CVSS: 4.6 | AI score: 5.7 | EPSS: 0.00221
Exploits: 0 | References: 2
Information Exposure
Source: Snyk, added 2026/02/19 10:06 p.m. (4 views)

Overview: openclaw: 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Information Exposure via the tools.exec.safeBins flow. An attacker can infer the existence of files on the host filesystem by observing differences in command approval or denial outcomes...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00133
Exploits: 0 | References: 2
Incomplete List of Disallowed Inputs
Source: Snyk, added 2026/02/19 10:06 p.m. (3 views)

Overview: openclaw: 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the tools.exec.safeBins configuration. An attacker can gain unauthorized access to the filesystem by leveraging allowed sort output flags -o or...

CVSS: 3.6 | AI score: 6.1
Exploits: 0 | References: 3