Lucene search
+L

79 matches found

vulnrichment
vulnrichment
added 2026/06/12 9:56 p.m.9 views

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

8.3CVSS5.3AI score0.00191EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/12 9:56 p.m.30 views

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

8.3CVSS0.00191EPSS
Exploits0References2
cve
cve
added 2026/06/12 9:56 p.m.28 views

CVE-2026-53831

OpenClaw

8.3CVSS5.3AI score0.00191EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/06/12 9:56 p.m.8 views

CVE-2026-53825 OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

7.1CVSS5.4AI score0.00375EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.20 views

PT-2026-49035

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description A policy enforcement issue exists in the system.run safe-bin allowlist validation on POSIX nodes. This flaw allows shell expansion to modify how commands are interpreted. Authenticated operators...

8.3CVSS5.2AI score0.00191EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41379

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

7.1CVSS5.2AI score0.00243EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/28 6:9 p.m.32 views

CVE-2026-41379 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

7.1CVSS0.00243EPSS
Exploits0References3
euvd
euvd
added 2026/04/28 6:9 p.m.7 views

EUVD-2026-26088

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

7.1CVSS5.2AI score0.00243EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/04/28 12:0 a.m.9 views

PT-2026-35764

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description Authenticated operators with write permissions can escalate privileges to access admin-class Talk Voice configuration persistence. This is possible by exploiting the 'chat.send' endpoint to reac...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References6
euvd
euvd
added 2026/04/24 12:31 a.m.6 views

EUVD-2026-25343

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References4
osv
osv
added 2026/04/24 12:31 a.m.4 views

GHSA-394X-274P-MQC6 Duplicate Advisory: OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-767m-xrhc-fxm7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write...

7.1CVSS5.7AI score0.00232EPSS
Exploits0References4
nvd
nvd
added 2026/04/23 10:16 p.m.9 views

CVE-2026-41359

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

8.8CVSS0.00232EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/23 9:58 p.m.5 views

CVE-2026-41359

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/04/23 12:0 a.m.4 views

PT-2026-34790

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/04/20 11:8 p.m.5 views

CVE-2026-41299

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/04/20 12:0 a.m.11 views

PT-2026-33866

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/10 4:3 p.m.6 views

CVE-2026-35653

OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the...

8.1CVSS5.8AI score0.006EPSS
Exploits1References5
cve
cve
added 2026/04/09 7:43 p.m.26 views

CVE-2026-40089

Sonicverse (Self-hosted Docker Compose stack) contains an SSRF in the dashboard API client (apps/dashboard/lib/api.ts). User-controlled URLs are passed from the dashboard to a server-side HTTP client without sufficient validation, allowing an authenticated operator to trigger arbitrary HTTP reque...

9.9CVSS6AI score0.00232EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/04/09 12:0 a.m.8 views

Sonicverse 代码问题漏洞

Sonicverse is an open-source, hosted real-time radio audio streaming solution developed by Sonicverse. There are code-related vulnerabilities in Sonicverse; these vulnerabilities stem from the API client accepting user-controlled URLs with insufficient validation. This could allow authenticated...

9.9CVSS5.9AI score0.00232EPSS
Exploits0References1
nvd
nvd
added 2026/04/02 7:16 p.m.6 views

CVE-2023-7342

HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this fla...

8.8CVSS0.00265EPSS
Exploits0References2
Rows per page
Query Builder