Lucene search

14 matches found

RedhatCVE
added 2026/05/06 8:21 p.m., 3 views

CVE-2026-43528

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

CVSS 7.1 | AI score 5.8 | EPSS 0.00081
Exploits 0 | References 1
NVD
added 2026/05/05 12:16 p.m., 5 views

CVE-2026-43528

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

CVSS 7.1 | EPSS 0.00081
Exploits 0 | References 3
ATTACKERKB
added 2026/05/05 11:24 a.m., 3 views

CVE-2026-43528

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

CVSS 7.1 | AI score 5.8 | EPSS 0.00081
Exploits 0 | References 4
CVE
added 2026/05/05 11:24 a.m., 3 views

CVE-2026-43528

OpenClaw, prior to version 2026.4.14, is affected by a redaction bypass vulnerability that lets authenticated gateway clients read unredacted secrets via the sourceConfig and runtimeConfig aliases. Attackers with config read access can obtain sensitive material such as provider API keys, gateway ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00081
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2026/04/17 9:47 p.m., 4 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the sourceConfig and runtimeConfig alias fields, which were not properly redacted. An attacker can obtain sensitive...

CVSS 7.1 | AI score 5.8 | EPSS 0.00081
Exploits 0 | References 2
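The five entries above describe the same bug class: a redactor applied to the primary config field while alias fields that carry the same data (sourceConfig, runtimeConfig) are returned raw to any client with config read access. The following is an added example written for this listing, not OpenClaw's code; the secret-key pattern, the response shape, the function names and the sample snapshot (with fake credentials) are all assumptions. It shows the leaky shape beside the hardened one and a regression check that fails whenever a raw secret survives serialization.

```typescript
// Added example for this listing; it is not OpenClaw's code. The secret-key
// pattern, the response shape and the sample snapshot are assumptions chosen
// to illustrate the class of bug the advisory describes: a redactor applied to
// one field while alias fields carrying the same data are returned raw.

type Json = string | number | boolean | null | Json[] | { [key: string]: Json };
type ConfigSnapshot = Record<string, Json>;

// Keys whose string values are treated as secrets (assumption, not OpenClaw's list).
const SECRET_KEY = /(api[_-]?key|secret|token|password|passwd|credential)s?$/i;
const REDACTED = "[redacted]";

/** Walk any JSON value and mask string values stored under secret-looking keys. */
export function redactDeep(value: Json, keyHint = ""): Json {
  if (Array.isArray(value)) {
    return value.map((item) => redactDeep(item, keyHint));
  }
  if (value !== null && typeof value === "object") {
    const out: { [key: string]: Json } = {};
    for (const [key, child] of Object.entries(value)) {
      out[key] = redactDeep(child, key);
    }
    return out;
  }
  return typeof value === "string" && value !== "" && SECRET_KEY.test(keyHint)
    ? REDACTED
    : value;
}

/** Leaky shape: only `config` is redacted; sourceConfig/runtimeConfig pass through untouched. */
export function buildConfigResponseLeaky(snapshot: ConfigSnapshot): ConfigSnapshot {
  return { ...snapshot, config: redactDeep(snapshot.config) };
}

/** Hardened shape: every top-level field is redacted, so a new alias cannot bypass the filter. */
export function buildConfigResponseSafe(snapshot: ConfigSnapshot): ConfigSnapshot {
  const out: ConfigSnapshot = {};
  for (const [field, value] of Object.entries(snapshot)) {
    out[field] = redactDeep(value);
  }
  return out;
}

/** Regression check: does the serialized response still carry any raw secret? */
export function leaksAny(response: unknown, secrets: string[]): boolean {
  const text = JSON.stringify(response);
  return secrets.some((secret) => text.includes(secret));
}

// Constructed sample: the primary field and its aliases hold the same (fake) credentials.
export const SAMPLE_SECRETS = ["sk-example-0001", "gw-example-0002"];
export const SAMPLE_SNAPSHOT: ConfigSnapshot = {
  config: {
    provider: { name: "example", apiKey: SAMPLE_SECRETS[0] },
    gateway: { authToken: SAMPLE_SECRETS[1] },
  },
  sourceConfig: {
    provider: { name: "example", apiKey: SAMPLE_SECRETS[0] },
    gateway: { authToken: SAMPLE_SECRETS[1] },
  },
  runtimeConfig: {
    provider: { name: "example", apiKey: SAMPLE_SECRETS[0] },
  },
};
```

The design point is that redaction is applied to the whole response object rather than to a named field, so adding another alias later cannot reopen the hole; `leaksAny` is the kind of test worth keeping in CI, seeded with the real secret values from a fixture config.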
OSV
added 2026/03/05 10:16 p.m., 1 views

CVE-2026-28459

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

CVSS 8.1 | AI score 5.9
Exploits 0 | References 4
CVE
added 2026/03/05 9:59 p.m., 4 views

CVE-2026-28459

OpenClaw vulnerability CVE-2026-28459 affects OpenClaw versions prior to 2026.2.12. The issue is an inadequate validation of the sessionFile path parameter, permitting authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. An attacker can supply a se...

CVSS 8.1 | AI score 6 | EPSS 0.00058
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2026/03/05 9:59 p.m., 0 views

CVE-2026-28459 OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

CVSS 7.1 | AI score 5.9 | EPSS 0.00058
Exploits 0 | References 4
Cvelist
added 2026/03/05 9:59 p.m., 22 views

CVE-2026-28459 OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

CVSS 7.1 | EPSS 0.00058
Exploits 0 | References 4
EUVD
added 2026/03/05 9:59 p.m., 2 views

EUVD-2026-9907

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

CVSS 7.1 | AI score 6 | EPSS 0.00058
Exploits 0 | References 4
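The CVE-2026-28459 entries above all come down to one missing check: a caller-supplied sessionFile is joined onto the sessions directory and written to without proving the result still lies inside that directory. The following is an added example for this listing, not OpenClaw's code; the sessions directory, the `.jsonl` transcript suffix and the function names are assumptions. It shows the unchecked join beside a containment check that rejects `..` traversal, absolute paths, NUL bytes and the prefix trick (`sessions-evil/` sharing a prefix with `sessions/`) that a plain `startsWith` comparison misses.

```typescript
import * as path from "node:path";

// Added example for this listing; it is not OpenClaw's code. The sessions
// directory, the ".jsonl" transcript suffix and the function names are
// assumptions used to show the containment check the advisory implies was missing.

/** Vulnerable pattern: the caller's sessionFile is joined and used as-is. */
export function resolveSessionFileUnchecked(sessionsDir: string, sessionFile: string): string {
  // "../../../etc/cron.d/job" or "/etc/passwd" both escape sessionsDir here.
  return path.resolve(sessionsDir, sessionFile);
}

/**
 * Hardened pattern: resolve, then prove the result is inside sessionsDir.
 * Returns the safe absolute path, or null when the request must be rejected.
 */
export function resolveSessionFileChecked(sessionsDir: string, sessionFile: string): string | null {
  if (sessionFile.length === 0 || sessionFile.includes("\0")) return null; // NUL-byte tricks
  if (path.isAbsolute(sessionFile)) return null;                          // no absolute overrides
  const base = path.resolve(sessionsDir);
  const target = path.resolve(base, sessionFile);
  // path.relative yields ".." segments (or an absolute path) when target is outside base;
  // it also defeats the prefix trick "../sessions-evil/x" that a startsWith(base) check misses.
  const rel = path.relative(base, target);
  if (rel === "" || rel.startsWith("..") || path.isAbsolute(rel)) return null;
  // Keep transcripts in one flat namespace with a fixed suffix (assumed policy).
  if (rel.includes(path.sep) || !/^[A-Za-z0-9_-]+\.jsonl$/.test(rel)) return null;
  return target;
}

/** Constructed session directory used by the checks below (no files are touched). */
export const SESSIONS_DIR = "/srv/openclaw/sessions";
```

This check reasons about path strings only. A symlink planted inside the sessions directory can still redirect the append, so the write itself should open with `fs.constants.O_NOFOLLOW` or compare `fs.realpath` of the target's parent against the sessions directory before appending.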
OSV
added 2026/03/03 9:37 p.m., 1 views

GHSA-45CG-2683-GFMQ OpenClaw browser navigation guard allowed non-network URL schemes, enabling authenticated browser-tool users to access file:// local files

Impact: assertBrowserNavigationAllowed validated only http:/https: network targets but implicitly allowed other schemes. An authenticated gateway user could navigate browser sessions to file:// URLs and read local files via browser snapshot/extraction flows. Affected Component -...

CVSS 6.5 | AI score 5.9 | EPSS 0.00048
Exploits 1 | References 3
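The GHSA entry above names the logic error precisely: the guard checked the schemes it knew about (http:, https:) and let everything else fall through, so file:// reached the browser. The following is an added example for this listing, not OpenClaw's code; the function names and the illustrative blocked-host rules are assumptions. It contrasts the fall-through shape with a scheme allow-list, and relies on the WHATWG URL parser to normalise case (`FILE:` becomes `file:`) and to reject unparseable input.

```typescript
import { URL } from "node:url";

// Added example for this listing; it is not OpenClaw's code. The function names
// and the blocked-host rules are assumptions; the point is the difference
// between checking only the schemes you recognise and allow-listing schemes.

/** Illustrative local-address check (a real guard also resolves DNS and covers all private ranges). */
export function isBlockedHost(hostname: string): boolean {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, "");
  return (
    h === "localhost" ||
    h === "::1" ||
    h.startsWith("127.") ||
    h === "169.254.169.254" // cloud metadata endpoint
  );
}

/** Vulnerable shape: http/https targets get the host check; any other scheme falls through as allowed. */
export function navigationAllowedLeaky(rawUrl: string): boolean {
  let url: URL;
  try {
    url = new URL(rawUrl);
  } catch {
    return false;
  }
  if (url.protocol === "http:" || url.protocol === "https:") {
    return !isBlockedHost(url.hostname);
  }
  return true; // file:, javascript:, data:, chrome: ... all reach the browser
}

/** Hardened shape: allow-list the schemes first, then apply the host check. */
export function navigationAllowedStrict(rawUrl: string): boolean {
  let url: URL;
  try {
    url = new URL(rawUrl);
  } catch {
    return false;
  }
  const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
  if (!ALLOWED_SCHEMES.has(url.protocol)) return false; // WHATWG URL lower-cases "FILE:" for us
  return !isBlockedHost(url.hostname);
}
```

The guard should run on every navigation the browser tool performs, including redirects and frames the page itself triggers; a check applied only to the initial URL argument still lets a redirect to file:// through in the leaky shape.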
RedHat Linux
added 2010/11/16 6:16 p.m., 0 views

Openswan: Gateway arbitrary code execution via shell metacharacters in cisco_dns_info or cisco_domain_info data in packet

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302...

CVSS 6.5 | AI score 6.2 | EPSS 0.06107
Exploits 0 | References 4
Prion
added 2010/10/05 10:00 p.m., 13 views

Buffer overflow

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet...

CVSS 6.5 | AI score 7.9 | EPSS 0.06107
Exploits 0 | References 11 | Affected Software 1
CVE
added 2010/10/05 9:00 p.m., 63 views

CVE-2010-3753

CVE-2010-3753 affects the Openswan client (programs/pluto/xauth.c) in Openswan 2.6.26 through 2.6.28, where remote authenticated gateways can trigger command execution via shell metacharacters in the cisco_banner (server_banner) field. The root cause is improper input handling in the banner field, enabling arbitrary code...

CVSS 6.5 | AI score 7.1 | EPSS 0.00649
Exploits 0 | References 6 | Affected Software 1