CVE-2026-41388

OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls...

CVE-2026-41388

OpenClaw advisory CVE-2026-41388 affects openclaw (npm) prior to 2026.3.31. The issue is a configuration management vulnerability where startup migration treats empty-array settings as missing values, allowing an attacker to restart the application and rehydrate revoked Tlon configuration from fi...

CVE-2026-41388 OpenClaw < 2026.3.31 - Configuration Rehydration via Empty-Array Revocation Handling

OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls...

PT-2026-35773

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A configuration management issue exists where startup migration treats empty-array settings as missing values. This allows attackers to restart the application to rehydrate revoked Tlon...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from configuration management issues, where the migration process incorrectly treated empty arrays as missin...

systemd 安全漏洞

Systemd is a Linux-based system and service manager developed by Lennart Poettering of Germany. This product is compatible with SysV and LSB startup scripts, and it provides a framework for representing dependencies between system services. Prior versions of systemd had security vulnerabilities;...

Interpretation Conflict

Overview @openclaw/tlon is an OpenClaw Tlon/Urbit channel plugin Affected versions of this package are vulnerable to Interpretation Conflict in the startup migration process. An attacker can restore previously revoked configuration settings by leveraging the improper handling of empty-array value...

Interpretation Conflict

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Interpretation Conflict in the startup migration process. An attacker can restore previously revoked configuration settings by leveraging the improper handling of empty-array values in th...

CVE-2024-39701

Directus is a real-time API and App dashboard for managing SQL database content. Directus =9.23.0, =v10.5.3 improperly handles in, nin operators. It evaluates empty arrays as valid so expressions like "role": "in": $CURRENTUSER.somefield would evaluate to true allowing the request to pass. This...

Improper Access Control

directus is vulnerable to Improper Access Control. The vulnerability is due to improper handling of in and nin operators, which allows an attacker to query expressions with empty arrays, which are evaluated as valid, resulting in unauthorized access...

CVE-2024-39701 Directus Incorrectly handles _in` filter

Directus is a real-time API and App dashboard for managing SQL database content. Directus =9.23.0, =v10.5.3 improperly handles in, nin operators. It evaluates empty arrays as valid so expressions like "role": "in": $CURRENTUSER.somefield would evaluate to true allowing the request to pass. This...

PT-2024-27149 · Oneflow · Oneflow

Name of the Vulnerable Software and Affected Versions: Oneflow version 0.9.1 Description: An issue in OneFlow-Inc. Oneflow allows attackers to cause a Denial of Service DoS when an empty array is processed with oneflow.dot. Recommendations: For version 0.9.1, consider avoiding the use of...

PT-2024-27141 · Oneflow · Oneflow

Name of the Vulnerable Software and Affected Versions: Oneflow version 0.9.1 Description: The issue allows attackers to cause a Denial of Service DoS when an empty array is processed with oneflow.tensordot. Recommendations: For version 0.9.1, consider avoiding the use of oneflow.tensordot with...