Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

87061 matches found

NVD
NVDadded 2026/04/10 5:17 p.m.11 views

CVE-2026-35663

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS0.00276EPSS
Exploits0References3
NVD
NVDadded 2026/04/10 5:17 p.m.6 views

CVE-2026-35660

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...

8.1CVSS0.00272EPSS
Exploits0References4
NVD
NVDadded 2026/04/10 5:17 p.m.7 views

CVE-2026-35620

OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce...

5.4CVSS0.00442EPSS
Exploits1References6
Vulnrichment
Vulnrichmentadded 2026/04/10 4:3 p.m.2 views

CVE-2026-35669 OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/10 4:3 p.m.5 views

EUVD-2026-21484

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/10 4:3 p.m.25 views

CVE-2026-35669 OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

8.8CVSS0.00298EPSS
Exploits0References3
CVE
CVEadded 2026/04/10 4:3 p.m.20 views

CVE-2026-35669

OpenClaw is affected prior to version 2026.3.25. The vulnerability resides in the gateway-authenticated plugin HTTP routes, where the system incorrectly mints operator.admin runtime scope regardless of caller-granted scopes. This scope boundary bypass can allow an attacker to escalate privileges ...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/10 4:3 p.m.5 views

CVE-2026-35669

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/10 4:3 p.m.7 views

EUVD-2026-21472

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/10 4:3 p.m.0 views

CVE-2026-35663 OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3
CVE
CVEadded 2026/04/10 4:3 p.m.17 views

CVE-2026-35663

CVE-2026-35663 affects OpenClaw prior to 2026.3.25. A privilege-escalation vulnerability allows non-admin operators to self-request broader scopes during backend reconnect, bypassing pairing requirements and reconnecting as operator.admin to gain unauthorized administrative privileges. Impact is ...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/10 4:3 p.m.0 views

CVE-2026-35663

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/10 4:3 p.m.23 views

CVE-2026-35663 OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS0.00276EPSS
Exploits0References3
CVE
CVEadded 2026/04/10 4:3 p.m.6 views

CVE-2026-35660

OpenClaw is affected by a vulnerability in the Gateway agent’s /reset endpoint, prior to version 2026.3.23. The flaw grants callers with operator.write permission the ability to reset admin sessions by invoking /reset or /new with an explicit sessionKey, bypassing operator.admin requirements and ...

8.1CVSS5.9AI score0.00272EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/04/10 4:3 p.m.4 views

EUVD-2026-21466

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...

8.1CVSS5.9AI score0.00272EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/10 4:3 p.m.26 views

CVE-2026-35660 OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...

8.1CVSS0.00272EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/10 4:3 p.m.0 views

CVE-2026-35660

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...

8.1CVSS5.9AI score0.00272EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/10 4:3 p.m.3 views

CVE-2026-35660 OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...

8.1CVSS5.9AI score0.00272EPSS
Exploits0References4
CVE
CVEadded 2026/04/10 4:3 p.m.17 views

CVE-2026-35620

Technical details beyond the description are not provided in the supplied documents. Monitor for updates from official advisories.

5.4CVSS5.9AI score0.00442EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/10 4:3 p.m.1 views

CVE-2026-35620 OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands

OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce...

5.4CVSS5.9AI score0.00442EPSS
Exploits1References6
Rows per page
Query Builder