Lucene search
K

7 matches found

NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-53809

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8CVSS0.00093EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:6 p.m.9 views

CVE-2026-53809 OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8CVSS5.3AI score0.00093EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 8:6 p.m.7 views

EUVD-2026-36315

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8CVSS5.5AI score0.00093EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 8:6 p.m.29 views

CVE-2026-53809 OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers can exploit this confusion to select bundled tool access outside intended provider...

4.8CVSS0.00093EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:6 p.m.18 views

CVE-2026-53809

OpenClaw is affected: the vulnerability exists in the embedded runner policy prior to version 2026.4.25. The issue is a policy bypass caused by provider alias confusion, allowing requests to be evaluated against aliases instead of canonical provider identities. Exploitation could enable access to...

4.8CVSS5.5AI score0.00093EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.25 contained security vulnerabilities. These vulnerabilities stemmed from a policy bypass in the embedded runner strategy, allowing requests using provider aliases to be compare...

4.8CVSS5.3AI score0.00093EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.10 views

PT-2026-48739

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A policy bypass exists in the embedded runner policy. This issue allows requests using provider aliases to be compared against aliases rather than canonical provider identities. When the affecte...

4.8CVSS5.2AI score0.00093EPSS
Exploits0References5
Rows per page
Query Builder