Lucene search

4 matches found

Redos
added 2026/04/07 12:0 a.m. | 2 views

ROS-20260407-73-0004

A vulnerability in the old_deviceless function of the net/bridge/br_ioctl.c module of the Linux kernel's network functions implementation is related to errors in updating the reference count. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.3 | EPSS 0.00024 | Exploits 0
OSV
added 2026/03/26 7:50 p.m. | 0 views

GHSA-48VW-M3QC-WR99 OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths

Summary: Trusted-proxy Control UI sessions without device identity could retain self-declared privileged scopes on the device-less allow path.

Affected Packages / Versions:
- Package: openclaw npm
- Affected: = 2026.3.22
- Latest released tag checked: v2026.3.23-2...

AI score 5.9 | Exploits 0 | References 3
OSV
added 2026/03/13 8:55 p.m. | 2 views

GHSA-RQPP-RJJ8-7WV8 OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

Summary: A logic flaw in the OpenClaw gateway WebSocket connect path allowed certain device-less shared-token or password-authenticated backend connections to keep client-declared scopes without server-side binding. A shared-authenticated client could present elevated scopes such as operator.admin...

CVSS 9.9 | AI score 5.9 | EPSS 0.00021 | Exploits 0 | References 5
Github Security Blog
added 2026/03/13 8:55 p.m. | 12 views

OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

Summary: A logic flaw in the OpenClaw gateway WebSocket connect path allowed certain device-less shared-token or password-authenticated backend connections to keep client-declared scopes without server-side binding. A shared-authenticated client could present elevated scopes such as operator.admin...

CVSS 9.9 | AI score 5.8 | EPSS 0.00021 | Exploits 0 | References 5 | Affected Software 1