37 matches found

Packet Storm News
added 2026/06/05 12:0 a.m., 3 views

MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills

AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and tool permissions. Because a skill is at once code and agent-facing instruction, it introduces a supply chai...

5.6 AI score
Exploits: 0

GithubExploit
added 2026/05/27 3:1 a.m., 85 views

vulnhunt-agent

Vulnerability Hunting Agent: An LLM agent that reads code,...

5.8 AI score
Exploits: 0

CNVD
added 2026/03/12 12:0 a.m., 4 views

OpenClaw Encryption Problem Vulnerability

OpenClaw is an open-source artificial intelligence assistant from openclaw. OpenClaw has a cryptographic vulnerability that stems from the use of SHA-1 to hash the sandbox identifier cache key for Docker and browser sandbox configurations, which can be exploited by an attacker to enable...

9.1 CVSS, 5.8 AI score, 0.00179 EPSS
Exploits: 0, References: 1

OSV
added 2026/03/05 10:16 p.m., 2 views

CVE-2026-28479

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

9.1 CVSS, 5.7 AI score
Exploits: 0, References: 3

CVE
added 2026/03/05 9:59 p.m., 12 views

CVE-2026-28479

CVE-2026-28479 affects OpenClaw before 2026.2.15, which uses SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations. The deprecation of SHA-1 and its collision vulnerability can allow cache poisoning, causing one sandbox configuration to be misinterpreted as ano...

9.1 CVSS, 5.9 AI score, 0.00179 EPSS
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/03/05 9:59 p.m., 2 views

EUVD-2026-9925

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

8.7 CVSS, 5.9 AI score, 0.00179 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/05 9:59 p.m., 3 views

CVE-2026-28479

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

8.7 CVSS, 5.9 AI score, 0.00179 EPSS
Exploits: 0, References: 4

CNVD
added 2026/03/02 12:0 a.m., 1 views

OpenClaw has an unspecified vulnerability (CNVD-2026-13380)

OpenClaw is an open-source artificial intelligence assistant from openclaw. OpenClaw has a security vulnerability that stems from a configuration injection issue in the Docker tool sandbox, which can be exploited by an attacker to cause container escape or host data access...

9.8 CVSS, 5.8 AI score, 0.00479 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2026/02/23 12:0 a.m., 8 views

OpenClaw < 2026.2.15 Multiple Vulnerabilities

The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.2.15. It is, therefore, affected by multiple vulnerabilities, including: - A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options such as bind mounts, host networking, a...

9.8 CVSS, 6 AI score, 0.00479 EPSS
Exploits: 1, References: 14

RedhatCVE
added 2026/02/21 1:28 a.m., 4 views

CVE-2026-27002

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

9.8 CVSS, 5.4 AI score, 0.00479 EPSS
Exploits: 0, References: 1

NVD
added 2026/02/20 12:16 a.m., 8 views

CVE-2026-27002

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

9.8 CVSS, 0.00479 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/02/20 12:0 a.m., 6 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant from openclaw. OpenClaw has a security vulnerability that stems from a configuration injection issue in the Docker tool sandbox, which can be exploited by an attacker to cause container escape or host data access...

9.8 CVSS, 5.8 AI score, 0.00479 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/02/19 11:12 p.m., 26 views

CVE-2026-27002 OpenClaw: Docker container escape via unvalidated bind mount config injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

7.7 CVSS, 0.00479 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/19 11:12 p.m., 6 views

CVE-2026-27002

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

7.7 CVSS, 5.5 AI score, 0.00479 EPSS
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2026/02/19 11:12 p.m., 4 views

CVE-2026-27002 OpenClaw: Docker container escape via unvalidated bind mount config injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

7.7 CVSS, 5.5 AI score, 0.00479 EPSS
Exploits: 0, References: 3

OSV
added 2026/02/19 11:12 p.m., 5 views

CVE-2026-27002 OpenClaw: Docker container escape via unvalidated bind mount config injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

7.7 CVSS, 5.5 AI score, 0.00479 EPSS
Exploits: 0, References: 5

CVE
added 2026/02/19 11:12 p.m., 26 views

CVE-2026-27002

OpenClaw CVE-2026-27002 describes a configuration injection issue in the Docker tool sandbox that could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. Affected software: OpenClaw prior to version 202...

9.8 CVSS, 5.5 AI score, 0.00479 EPSS
Exploits: 0, References: 3, Affected Software: 1

Snyk
added 2026/02/19 7:41 p.m., 4 views

Use of Weak Hash

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Use of Weak Hash due to the use of SHA-1 in the process that generates sandbox identifier cache keys for Docker or browser sandbox configuration. An attacker can cause one configuration t...

9.1 CVSS, 5.6 AI score, 0.00179 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/02/18 10:42 p.m., 10 views

OpenClaw: Docker container escape via unvalidated bind mount config injection

Summary: A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. Affected Packages / Versions: Package: openclaw (npm); Affected versions: =...

9.8 CVSS, 5.5 AI score, 0.00479 EPSS
Exploits: 0, References: 5, Affected Software: 1

Positive Technologies
added 2026/02/18 12:0 a.m., 7 views

PT-2026-20964

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15. Description: A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, potentially enabling container...

9.8 CVSS, 5.1 AI score, 0.00479 EPSS
Exploits: 0, References: 12