
10 matches found

OSV
added 2026/05/19 12:0 a.m., 5 views

MAL-2026-3864 Malicious code in @antv/coord (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

AI score 5.8
Exploits: 0, References: 5
CNNVD
added 2026/04/21 12:0 a.m., 6 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforceable write limits on the POST /sessions/:sessionKey/kill endpoint, allowing callers...

CVSS 5.4, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:3 p.m., 1 views

CVE-2026-32048

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...

CVSS 9.9, AI score 5.8, EPSS 0.00022
Exploits: 0, References: 1
EUVD
added 2026/03/21 3:31 a.m., 1 views

EUVD-2026-13943

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessionsspawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes with sandbox.mode set ...

CVSS 7.7, AI score 5.8, EPSS 0.00022
Exploits: 0, References: 3
Vulnrichment
added 2026/03/05 9:59 p.m., 0 views

CVE-2026-28482 OpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile Parameters

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

CVSS 8.4, AI score 5.9, EPSS 0.00043
Exploits: 0, References: 4
Positive Technologies
added 2026/03/05 12:0 a.m., 2 views

PT-2026-23557

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

CVSS 8.4, AI score 6, EPSS 0.00043
Exploits: 0, References: 5
Hacker One
added 2017/06/19 12:48 a.m., 15 views

GoCD: Spring security configuration allows agent sessions to be hijacked

Summary: If agents have successfully logged in, then unauthenticated requests to /go/agent-websocket or /go/remoting/ will randomly succeed sometimes. Description: The deprecated X509ProcessingFilter apparently does not work without a HttpSessionContextIntegrationFilter earlier on...

AI score 0.4
Exploits: 0
NVD
added 2014/02/14 3:55 p.m., 11 views

CVE-2012-0062

Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token...

CVSS 5.8, AI score 6.7, EPSS 0.00274
Exploits: 1, References: 3
CVE
added 2014/02/14 3:0 p.m., 57 views

CVE-2012-0062

Red Hat JBoss Operations Network (JBoss ON) is affected by CVE-2012-0062. Versions affected: JON before 2.4.2 and 3.0.x before 3.0.1. Root cause: an agent registration request could be processed without a valid security token. Impact: remote attackers can hijack an approved agent’s session and st...

CVSS 5.8, AI score 6.9, EPSS 0.00274
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2014/02/14 3:0 p.m., 19 views

CVE-2012-0062

Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token...

AI score 6.7, EPSS 0.00274
Exploits: 1, References: 3