Lucene search
+L

94 matches found

euvd
euvd
added 2026/03/31 3:25 p.m.7 views

EUVD-2026-17490

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SS...

5.9CVSS5.8AI score0.00396EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32041

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

7.8CVSS5.8AI score0.0011EPSS
Exploits0References1
snyk
snyk
added 2026/03/20 12:41 a.m.7 views

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper handling of authentication bootstrap errors during startup, which leaves browser-control routes accessible without...

7.8CVSS5.9AI score0.0011EPSS
Exploits0References2
nvd
nvd
added 2026/03/19 10:16 p.m.4 views

CVE-2026-32041

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

7.8CVSS0.0011EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/19 10:7 p.m.1 views

CVE-2026-32041 OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

7.5CVSS5.8AI score0.0011EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/19 10:7 p.m.1 views

CVE-2026-32041

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

7.5CVSS5.8AI score0.0011EPSS
Exploits0References3
cve
cve
added 2026/03/19 10:7 p.m.15 views

CVE-2026-32041

OpenClaw vulnerable in versions prior to 2026.3.1 due to authentication bootstrap error at startup, leaving browser-control routes accessible without authentication. Local or loopback SSRF paths can reach browser-control routes, including evaluate-capable actions, without valid credentials. CVSS ...

7.8CVSS5.8AI score0.0011EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/03/19 10:7 p.m.2 views

CVE-2026-32041 OpenClaw < 2026.3.1 - Unauthenticated Browser Control Access via Failed Auth Bootstrap

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

7.5CVSS5.9AI score0.0011EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/03/19 12:0 a.m.9 views

OpenClaw 访问控制错误漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that is caused by a failure to properly handle authentication boot errors during startup. An attacker can exploit the vulnerability to cause a local process or...

7.8CVSS5.8AI score0.0011EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/03/07 1:44 a.m.5 views

CVE-2026-28468

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts requests without requiring gateway authentication, allowing local attackers to access browser control endpoints. A local attacker can enumerate tabs, retrieve...

8.5CVSS5.8AI score0.00142EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

8.4CVSS6AI score0.00196EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/05 9:59 p.m.30 views

CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints

OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...

8.4CVSS0.00196EPSS
Exploits0References3
cve
cve
added 2026/03/05 9:59 p.m.21 views

CVE-2026-28468

OpenClaw: A sandbox browser bridge server vulnerability in versions 2026.1.29-beta.1 prior to 2026.2.14 allows local attackers to bypass gateway authentication and access browser control endpoints. A local attacker can enumerate tabs, retrieve WebSocket URLs, execute JavaScript, and exfiltrate co...

8.5CVSS6AI score0.00142EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28462

OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...

8.7CVSS6AI score0.00425EPSS
Exploits0References4
euvd
euvd
added 2026/03/05 9:59 p.m.6 views

EUVD-2026-9908

OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...

8.7CVSS6AI score0.00425EPSS
Exploits0References3
osv
osv
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28462 OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths

OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...

8.7CVSS6AI score0.00425EPSS
Exploits0References5
github
github
added 2026/03/02 9:49 p.m.9 views

OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure

Summary When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, if that bootstrap step threw an error, startup could continue and expose browser-control routes without authentication. Impact On affected deployments,...

7.8CVSS5.9AI score0.0011EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/03/02 9:49 p.m.9 views

GHSA-VPJ2-69HF-RPPW OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure

Summary When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, if that bootstrap step threw an error, startup could continue and expose browser-control routes without authentication. Impact On affected deployments,...

7.5CVSS5.9AI score0.0011EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/02/21 1:28 a.m.7 views

CVE-2026-26317

OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A...

7.1CVSS5.6AI score0.0014EPSS
Exploits0References1
nvd
nvd
added 2026/02/19 10:16 p.m.8 views

CVE-2026-26317

OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A...

7.1CVSS0.0014EPSS
Exploits0References3
Rows per page
Query Builder