Lucene search
K

9 matches found

Snyk
Snyk
added 2026/05/05 1:35 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call realtime WebSocket path when oversized WebSocket frames are accepted without proper validation. An attacker can cau...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 1:35 p.m.9 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the tabs/action endpoint in browser tab action routes. An attacker can gain unauthorized access to restricted resources by sending crafted requests that bypass...

8.5CVSS5.8AI score0.00242EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:17 p.m.6 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the host-media attachment read helper. An attacker can access unauthorized local files by bypassing sender or group-scoped policy restrictions through the...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:14 p.m.8 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via host=node override in the routing execution. An attacker can bypass intended sandbox restrictions and execute code on a remote node by manipulating the routing...

9.9CVSS6AI score0.00347EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 9:59 p.m.12 views

Binding to an Unrestricted IP Address

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address via the CDP relay. An attacker can gain unauthorized access to the Chrome DevTools Protocol by connecting from outside the intended local or sandboxe...

9.6CVSS5.8AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 9:58 p.m.5 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the channel setup. An attacker can gain unauthorized access to privileged plugin functionality by introducing untrusted workspace plugin shadows that are resolved...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 9:58 p.m.6 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via improper validation of the outPath parameter in the screen recording. An attacker can write files outside the intended workspace boundary by specifying a path...

7.1CVSS5.8AI score0.0022EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 9:58 p.m.4 views

DNS Rebinding

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to DNS Rebinding via improper hostname validation in the browser navigation policy. An attacker can access internal network resources or sensitive endpoints by exploiting DNS rebinding...

8.3CVSS5.7AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 9:55 p.m.5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the agent hook event processing. An attacker can escalate privileges by supplying craft...

9.8CVSS5.8AI score0.0019EPSS
Exploits0References2
Rows per page
Query Builder