CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

EUVD•added 2026/05/11 6:31 p.m.•25 views

EUVD-2026-29151

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...

8.8CVSS5.8AI score0.00489EPSS

Exploits0References4

ATTACKERKB•added 2026/05/11 4:46 p.m.•14 views

CVE-2026-45006

8.8CVSS5.8AI score0.00489EPSS

Exploits0References4

Cvelist•added 2026/05/11 4:46 p.m.•52 views

CVE-2026-45006 OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass

8.8CVSS0.00489EPSS

Exploits0References3

CNNVD•added 2026/05/11 12:0 a.m.•9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the gateway tools config.apply and config.patch, allowing compromised models...

8.8CVSS5.9AI score0.00489EPSS

Exploits0References1

NVD•added 2026/02/06 9:16 p.m.•5 views

CVE-2026-25593

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...

8.4CVSS0.00639EPSS

Exploits0References1

CVE•added 2026/02/06 8:56 p.m.•14 views

CVE-2026-25593

CVE-2026-25593 affects OpenClaw (personal AI assistant). Before 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values, which were later used for command discovery and allowed command injection as the gateway u...

8.4CVSS5.4AI score0.00639EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/02/06 8:56 p.m.•22 views

CVE-2026-25593 OpenClaw Affected by Unauthenticated Local RCE via WebSocket config.apply

8.4CVSS0.00639EPSS

Exploits0References1

ATTACKERKB•added 2026/02/06 8:56 p.m.•5 views

CVE-2026-25593

8.4CVSS5.4AI score0.00639EPSS

Exploits0References2Affected Software1

EUVD•added 2026/02/06 8:56 p.m.•6 views

EUVD-2026-5577

8.4CVSS5.4AI score0.00639EPSS

Exploits0References1

Snyk•added 2026/02/04 8:6 p.m.•3 views

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via config.apply. An attacker can execute arbitrary commands as the gateway process user by supplying crafted cliPath values through the Gatew...

8.6CVSS5.9AI score0.00639EPSS

Exploits0References3

OSV•added 2026/02/04 8:6 p.m.•2 views

GHSA-G55J-C2V4-PJCG OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply

Summary An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. Impact A local process on the same machine could execute arbitrary...

8.4CVSS5.9AI score0.00639EPSS

Exploits0References3