11 matches found
CVE-2026-11406 GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection
A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...
OpenClaw Information Disclosure Vulnerability (CNVD-2026-13370)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability. The vulnerability stems from the fact that skills.status may return raw parsed configuration values for the skills.config path via configChecks, which can be...
CVE-2026-26326
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...
CVE-2026-26326 OpenClaw skills.status could leak secrets to operator.read clients
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...
CVE-2026-26326
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...
CVE-2026-26326 OpenClaw skills.status could leak secrets to operator.read clients
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...
CVE-2026-26326 OpenClaw skills.status could leak secrets to operator.read clients
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...
CVE-2026-26326
CVE-2026-26326 affects the OpenClaw OpenClaw AI assistant. Before version 2026.2.14, the function skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for requires.config paths. The fix in 2026.2.14 stops including raw resolved conf...
OpenClaw 信息泄露漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an information disclosure vulnerability. The vulnerability stems from the fact that skills.status may return raw parsed configuration values for the skills.config path via configChecks, which can be...
GHSA-8MH7-PHF8-XGFM OpenClaw skills.status could leak secrets to operator.read clients
Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...
PT-2026-20960
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The skills.status function could reveal sensitive information to clients with operator.read access. This occurred because the function returned raw resolved config values within configChecks for...