Lucene search
K

7 matches found

NVD
NVD
added 2026/04/10 5:17 p.m.9 views

CVE-2026-35655

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...

6.9CVSS0.00228EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.4 views

CVE-2026-35655 OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:3 p.m.2 views

CVE-2026-35655

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 4:3 p.m.5 views

EUVD-2026-21456

OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 10:16 p.m.10 views

CVE-2026-40149

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no authtoken is configured the default. By adding dangerous tool names e.g., shellexec, filewrite to the allowlist, a...

7.9CVSS0.00227EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the/api/approval/allow-list endpoint, which unauthenticated modifications to the tool approval...

7.9CVSS5.8AI score0.00227EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 9:46 p.m.3 views

GHSA-74WF-H43J-VVMJ OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting

Summary ACP permission resolution trusted conflicting tool identity hints from rawInput and metadata, which could suppress dangerous-tool prompting. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References6
Rows per page
Query Builder