167 matches found
EUVD-2026-29142
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that...
Duplicate Advisory: OpenClaw's ACP child sessions inherit subagent security envelope constraints
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q3jj-46pq-826r. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents ...
GHSA-W626-296M-8F85 Duplicate Advisory: OpenClaw's ACP child sessions inherit subagent security envelope constraints
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q3jj-46pq-826r. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents ...
CVE-2026-44997 OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that...
CVE-2026-44997
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that...
CVE-2026-44997
OpenClaw before 2026.4.22 is affected by a security envelope constraint bypass in ACP child sessions. The vulnerability allows restricted subagents to spawn ACP child sessions that do not inherit depth, child-count limits, control scope, or target-agent restrictions, potentially enabling privileg...
PT-2026-39686
OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that...
NPM: OpenClaw's ACP child sessions inherit subagent security envelope constraints
NPM: OpenClaw's ACP child sessions inherit subagent security envelope constraints vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.21...
OpenClaw's ACP child sessions inherit subagent security envelope constraints
Summary ACP child sessions inherit subagent security envelope constraints. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A restricted subagent spawning an ACP child session could fail to carry forward subagent-only...
CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass
wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸...
CVE-2026-5500
CVE-2026-5500 affects wolfSSL (library) in wc_PKCS7_DecodeAuthEnvelopedData; the AES-GCM authentication tag length is not properly validated (no lower bound), allowing a MITM to truncate the MAC from 16 bytes to 1 byte and reduce tag verification strength from 2^-128 to 2^-8. This is described in...
CVE-2026-5479
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...
GHSA-C7W3-X93F-QMM8 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter
Summary When a custom envelope object is passed to sendMail with a size property containing CRLF characters \r\n, the value is concatenated directly into the SMTP MAIL FROM command without sanitization. This allows injection of arbitrary SMTP commands, including RCPT TO — silently adding...
CRLF Injection
Overview nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to CRLF Injection via the envelope.size parameter in the sendMail function. An attacker can inject arbitrary SMTP commands by supplying CRLF characters in the size...
CRLF Injection
Overview org.webjars.npm:nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to CRLF Injection via the envelope.size parameter in the sendMail function. An attacker can inject arbitrary SMTP commands by supplying CRLF...
Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter
Summary When a custom envelope object is passed to sendMail with a size property containing CRLF characters \r\n, the value is concatenated directly into the SMTP MAIL FROM command without sanitization. This allows injection of arbitrary SMTP commands, including RCPT TO — silently adding...
MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL
Mantis Bug Tracker instances running on MySQL and compatible databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion...
CVE-2026-30227
MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...
MimeKit Injection Vulnerability
MimeKit is a C# library developed by Jeffrey Stedfast for creating and parsing MIME messages. Versions of MimeKit prior to 4.15.1 had an injection vulnerability, which stemmed from CRLF injections in the local part of SMTP envelope addresses. This vulnerability could lead to SMTP command injections...