3 matches found
CVE-2026-43992
The CVE describes a vulnerability in JunoClaw where, prior to version 0.x.y-security-1, MCP write tools (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted a mnemonic: string parameter, causing the BIP-39 seed to be embedded in the LLM tool-call JSON. T...
GHSA-7JP6-R74R-995Q OpenClaw: Matrix profile config persistence was reachable from operator.write message tools
Summary Matrix profile config persistence was reachable from operator.write message tools. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Gateway operator.write message-tool paths could reach Matrix profile persistence that should have...
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools
Summary Matrix profile config persistence was reachable from operator.write message tools. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Gateway operator.write message-tool paths could reach Matrix profile persistence that should have...