2336 matches found
CVE-2026-32041
OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...
CVE-2026-32041
OpenClaw vulnerable in versions prior to 2026.3.1 due to authentication bootstrap error at startup, leaving browser-control routes accessible without authentication. Local or loopback SSRF paths can reach browser-control routes, including evaluate-capable actions, without valid credentials. CVSS ...
GHSA-63F5-HHC7-CX6P OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval
Summary openclaw versions = 2026.3.12 allowed bootstrap setup codes to be replayed before approval, which could widen the scopes on a pending device pairing request. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.3.12 - Fixed version: 2026.3.13 Details The...
GHSA-VH8F-65QG-3M8J vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
GHSA-73J8-2GCH-69RQ vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
GHSA-C8GQ-RHQH-WGWM vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
GHSA-4VGM-C2WM-63MW vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
CVE-2026-26130 vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
CVE-2026-26127 vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
GHSA-7H7G-X2PX-94HJ OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens
Summary OpenClaw pairing setup codes generated by /pair and openclaw qr embedded the configured shared gateway token or password directly in the setup payload. Anyone who obtained that code from chat history, logs, screenshots, or copied QR payloads could recover the long-lived shared credential...
Exploit for Out-of-bounds Write in Netapp Bootstrap_Os
Typeform DevSecOps Pipeline POC
CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...