Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/04/20 11:8 p.m.32 views

CVE-2026-41295 OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

8.5CVSS0.00133EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/20 11:8 p.m.4 views

CVE-2026-41295

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

8.5CVSS6.3AI score0.00133EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 11:8 p.m.4 views

CVE-2026-41295 OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

8.5CVSS6.3AI score0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.9 views

PT-2026-33862

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

8.5CVSS6.3AI score0.00133EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 6:15 p.m.3 views

GHSA-2QRV-RC5X-2G2H OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup

Summary Before OpenClaw 2026.4.2, built-in channel setup and login could resolve an untrusted workspace channel shadow before the plugin was explicitly trusted. A malicious workspace plugin that claimed a bundled channel id could execute during channel setup even while still disabled. Impact A...

6.3CVSS6.2AI score0.00133EPSS
Exploits0References3
Rows per page
Query Builder