2651 matches found

Github Security Blog
added 2026/02/17 10:56 p.m., 7 views

OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch

Summary: Google Chat allowlisting supports matching by sender email in addition to the immutable sender resource name users/. This weakens identity binding if a deployment assumes allowlists are strictly keyed by immutable principals. Affected Packages / Versions: As of 2026-02-14; based on latest...

AI score 5.6
Exploits: 0, References: 5, Affected Software: 2

Snyk
added 2026/02/17 6:55 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: cisco-ai-skill-scanner is a security scanner for Agent Skills packages that detects prompt injection, data exfiltration, and malicious code. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to its APIs binding to 0.0.0.0. If the API server is enabled, ...

CVSS 9.1, AI score 5.6, EPSS 0.00067
Exploits: 0, References: 2

OSV
added 2026/02/17 6:55 p.m., 2 views

GHSA-PPFX-73J5-FHXC Skill-scanner Unsecured Network Binding Vulnerability

Description: A vulnerability in the API Server of Skill Scanner could allow an unauthenticated, remote attacker to interact with the server API and either trigger a denial of service (DoS) condition or upload arbitrary files. This vulnerability is due to an erroneous binding to multiple interfaces. ...

CVSS 6.5, AI score 6.1, EPSS 0.00067
Exploits: 0, References: 4

Github Security Blog
added 2026/02/17 6:55 p.m., 4 views

Skill-scanner Unsecured Network Binding Vulnerability

Description: A vulnerability in the API Server of Skill Scanner could allow an unauthenticated, remote attacker to interact with the server API and either trigger a denial of service (DoS) condition or upload arbitrary files. This vulnerability is due to an erroneous binding to multiple interfaces. ...

CVSS 9.1, AI score 6.1, EPSS 0.00067
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/02/17 6:46 p.m., 4 views

GHSA-MP5H-M6QJ-6292 OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass

Summary: In Telegram webhook mode, if channels.telegram.webhookSecret is not set, OpenClaw may accept webhook HTTP requests without verifying Telegram's secret token header. In deployments where the webhook endpoint is reachable by an attacker, this can allow forged Telegram updates, for example...

CVSS 7.5, AI score 5.6, EPSS 0.00031
Exploits: 1, References: 8

Snyk
added 2026/02/17 5:09 p.m., 4 views

Binding to an Unrestricted IP Address

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address via ensureChromeExtensionRelayServer. An attacker can access relay HTTP endpoints from off-host locations by passing a wildcard cdpUrl, potentially...

CVSS 9.1, AI score 5.7, EPSS 0.00205
Exploits: 0, References: 2

Positive Technologies
added 2026/02/17 12:00 a.m., 3 views

PT-2026-23524

Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.1.14-1 through 2026.2.11. Description: The software contains an improper network binding issue in the Chrome extension relay server. The server incorrectly handles wildcard hosts, treating them as loopback addresses. This...

CVSS 9.1, AI score 5.8, EPSS 0.00205
Exploits: 0, References: 14

Positive Technologies
added 2026/02/17 12:00 a.m., 5 views

PT-2026-20911

Name of the Vulnerable Software and Affected Versions: Skill-scanner versions 1.0.1 and earlier. Description: Skill Scanner is a security scanner for AI Agent Skills designed to detect prompt injection, data exfiltration, and malicious code patterns. A flaw in the API Server component could permit a...

CVSS 9.1, AI score 6, EPSS 0.00067
Exploits: 0, References: 11

OSV
added 2026/02/16 11:21 a.m., 8 views

CLSA-2026-1771240859 kernel: Fix of 13 CVEs

vsock: Do not allow binding to VMADDR_PORT_ANY CVE-2025-38618 - cnic: Fix use-after-free bugs in cnic_delete_task CVE-2025-39945 - scsi: bfa: Double-free fix CVE-2025-38699 - pptp: ensure minimal skb length in pptp_xmit CVE-2025-38574 - ipv6: reject malicious packets in ipv6_gso_segment CVE-2025-38572 -...

CVSS 7.8, AI score 7, EPSS 0.00063
Exploits: 0, References: 1

NVD
added 2026/02/16 10:16 a.m., 3 views

CVE-2026-2577

The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...

CVSS 10, EPSS 0.00082
Exploits: 0, References: 2

CNNVD
added 2026/02/14 12:00 a.m., 3 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reuse of freed resources after a binding interface failure, potentially leading to memory...

CVSS 7.8, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 2

OSV
added 2026/02/10 6:16 p.m., 3 views

CVE-2026-21528

Binding to an unrestricted IP address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

CVSS 6.5, AI score 5.4, EPSS 0.00122
Exploits: 0, References: 1

NVD
added 2026/02/10 6:16 p.m., 3 views

CVE-2026-21528

Binding to an unrestricted IP address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

CVSS 6.5, EPSS 0.00122
Exploits: 0, References: 1

RedhatCVE
added 2026/02/09 7:14 a.m., 4 views

CVE-2026-2137

A vulnerability has been found in Tenda TX3 up to 16.03.13.11multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 9, AI score 6.2, EPSS 0.00045
Exploits: 1, References: 1

Veracode
added 2026/02/09 4:21 a.m., 4 views

Cross-site Scripting (XSS)

billboard.js is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user-controlled input during chart option binding, which allows an attacker to inject and execute malicious JavaScript code in the context of the application...

CVSS 6.1, AI score 5.7, EPSS 0.00055
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2026/02/09 12:00 a.m., 4 views

Nixpkgs security vulnerability

Nixpkgs is a collection of over 100,000 open-source software packages from NixOS. It can be installed using the Nix package manager. Nixpkgs versions 25.05 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the ability for any system user to execute commands with t...

CVSS 5.8, AI score 5.9, EPSS 0.00008
Exploits: 0, References: 3

EUVD
added 2026/02/08 5:32 a.m., 3 views

EUVD-2026-5811

A vulnerability has been found in Tenda TX3 up to 16.03.13.11multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 9, AI score 8.5, EPSS 0.00045
Exploits: 1, References: 6

RedhatCVE
added 2026/02/08 1:21 a.m., 4 views

CVE-2026-25758

Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to...

CVSS 8.7, AI score 5.6, EPSS 0.00037
Exploits: 1, References: 1

Vulnrichment
added 2026/02/07 5:02 a.m., 3 views

CVE-2026-2075 yeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access control

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...

CVSS 6.5, AI score 5.2, EPSS 0.00047
Exploits: 1, References: 6

Cvelist
added 2026/02/07 5:02 a.m., 29 views

CVE-2026-2075 yeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access control

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...

CVSS 6.5, EPSS 0.00047
Exploits: 1, References: 6