Lucene search
K

8 matches found

Snyk
Snyk
added 2026/04/09 5:36 p.m.5 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper handling of redirects in the Playwright navigation. An attacker can access internal or private network resources by crafting requests that...

6.9CVSS5.8AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.3 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Interaction-Triggered Navigation. An attacker can access internal resources by triggering browser interactions that bypass normal navigation check...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.4 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management via the node.pair.approve function being assigned to the broader operator.write scope instead of the intended operator.pairing scope. An attacker can gain...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.5 views

Incorrect Permission Assignment for Critical Resource

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the uploadfile or uploadimage process. An attacker can access files outside the intended workspace directory by uploading special...

6.5CVSS5.8AI score0.00326EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:32 p.m.3 views

Improper Input Validation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Input Validation in to the strictInlineEval function. An attacker can execute unauthorized inline evaluation commands by exploiting the approval-timeout fallback mechanism, which...

7.7CVSS5.9AI score0.00316EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 2:22 p.m.4 views

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the handling of environment variables in the exec env denylist. An attacker can execute arbitrary commands by injecting malicious values into...

8.6CVSS6AI score0.00188EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/09 2:22 p.m.6 views

Trust Boundary Violation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Trust Boundary Violation via the wake process. An attacker can inject unauthorized payloads into the trusted System: prompt channel by sending authenticated /hooks/wake or mapped wake...

8.5CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/09 2:22 p.m.3 views

Trust Boundary Violation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Trust Boundary Violation via the process handling background runtime output injection into trusted System: events. An attacker can escalate privileges or inject unauthorized commands by...

7.3CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder