13 matches found
CVE-2026-41398 OpenClaw - Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI Bridge
OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting...
CVE-2026-41398
OpenClaw (npm package) is affected by an improper access-control vulnerability in the iOS A2UI bridge prior to 2026.4.2. A local-network or tailnet page can be loaded to a vulnerable session and trigger unauthorized agent.request runs, polluting session state and depleting budget. The issue is fi...
OpenClaw Access Control Error Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained an access control vulnerability, which stemmed from improper access control in the iOS A2UI bridge. This vulnerability could allow attackers to inject unauthorized...
PT-2026-35763
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: A privilege escalation issue allows paired nodes with role=node to dispatch node.event agent requests, granting unrestricted tool access on the gateway side. Attackers possessing trusted paired...
CVE-2025-53360
CVE-2025-53360 affects the pluginsGLPI Database Inventory Plugin for GLPI. Prior to version 1.0.3, any authenticated user could send requests to the Teclib’ inventory agents, effectively exposing/invoking inventory actions on workstation databases. The issue is mitigated by upgrading to version 1...
CVE-2025-53360 pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3...
CVE-2025-53360 pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3...
CVE-2025-53360 pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3...
CVE-2021-37545
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made...
CVE-2021-37545
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made...
Authentication flaw
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made...
CVE-2021-37545
CVE-2021-37545 concerns JetBrains TeamCity prior to 2021.1.1, where insufficient authentication checks for agent requests were reported. Public sources (JetBrains Security Bulletin Q2 2021) indicate this issue affected TeamCity and was addressed in the 2021.1.1 release. The CVE entry notes the vu...
CVE-2021-37545
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made...