Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the handling of environment variable overrides for proxy, TLS, Docker, and Git TLS controls. An attacker can bypass intended security restrictions by...

GHSA-9GP8-HJXR-6F34 OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls

Summary Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28: host exec env policy still missed proxy, TLS, Docker, and Git TLS variables until 4d912e0451 on...

OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls

Summary Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28: host exec env policy still missed proxy, TLS, Docker, and Git TLS variables until 4d912e0451 on...

Linux Distros Unpatched Vulnerability : CVE-2026-33997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be...

Linux Distros Unpatched Vulnerability : CVE-2026-33990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF...

Docker Engine 29.3.1 Multiple Vulnerabilities

The version of the Docker Engine installed on the remote host is prior to 29.3.1. It is therefore affected by multiple vulnerabilities: - CVE-2026-34040: AuthZ plugin authorization bypass vulnerability. Authorization plugins could be bypassed under specific conditions, potentially allowing...

GO-2026-4883 Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker

Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker...

GO-2026-4911 Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF) in github.com/docker/model-runner

Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery SSRF in github.com/docker/model-runner...

GO-2026-4887 Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker

Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker...

CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

PT-2026-29951

Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery SSRF in github.com/docker/model-runner...

PT-2026-29934

Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker...

Docker Desktop < 4.67.0 SSRF

The version of Docker Desktop is prior to 4.67.0. It is therefore affected by a server-side request forgery vulnerability. - Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry’s...

PT-2026-29933

Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker...

Docker Desktop < 4.67.0 SSRF (CVE-2026-33990)

The version of Docker Desktop installed on the remote host is prior to 4.67.0. It is, therefore, affected by a server-side request forgery SSRF vulnerability: - Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows t...

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool

The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...

CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

UBUNTU-CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...