272234 matches found
CVE-2026-46900
Technical details for CVE-2026-46900 are not publicly available in the provided documents. Monitor for updates from official sources to obtain affected products, impact, and remediation information.
CVE-2026-46901
Technical details about CVE-2026-46901 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-46898
Technical details about CVE-2026-46898 are not publicly provided in the supplied documents. No affected products, vulnerable components, impact, or remediation are specified here. Monitor for official updates from CVE/CVE List and Oracle security alerts.
CVE-2026-46899
Technical details about CVE-2026-46899 are not publicly available in the provided documents. Monitor for updates from Oracle and CVE feeds for affected product, vulnerability scope, impact, and remediation.
CVE-2026-46897
Technical details about CVE-2026-46897 are not publicly available in the provided documents. Monitor for updates from Oracle and CVE feeds for affected products, versions, and remediation.
CVE-2026-46896
Technical details are not publicly available in the provided documents. Monitor for updates from Oracle security alerts and CVE records for affected products and fixed versions.
CVE-2026-46895
Technical details for CVE-2026-46895 are not publicly available in the provided documents. Monitor for updates from Oracle and the CVE list for advisories or fixes.
CVE-2026-53866
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision,...
CVE-2026-53861
OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command...
CVE-2026-53865
OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations by...
CVE-2026-53850
OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority,...
CVE-2026-53854
OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. Attackers can exploit this by sending commands on affected internal or webchat paths to...
CVE-2026-53853
OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted...
CVE-2026-53845
OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy...
CVE-2026-53848
OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to...
GHSA-7XH3-MHG9-JCW8 Deno: Command Injection via spawnSync & spawn on Windows
Summary: Deno's node:child_process implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.exe metacharacters such as &, |, ^, and !, and did not neutralize %...
GHSA-5R4W-85F3-PW66 Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass
Summary: There is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rule such as Host.example.com with stricter TLS options for...
CVE-2026-0150
In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed. User interaction is not needed for exploitation...