OpenClaw: Host environment sanitizer missed two Node.js control variables

Summary Host environment sanitizer missed two Node.js control variables. In affected versions, a lower-trust env source such as a workspace .env, tool env override, or skill env block could pass Node.js control variables through the shared sanitizer. This advisory is scoped to the named feature a...

GHSA-WXV8-W48J-R2F4 vulnerabilities

Vulnerabilities for packages: python...

ROOT-OS-DEBIAN-11-CVE-2025-38464 CVE-2025-38464 in rootio-linux - Patched by Root

Root has patched CVE-2025-38464 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

CVE-2026-12505

CVE-2026-12505 concerns the cifs-utils package. The issue: the root-owned cifs.upcall fails to securely drop root privileges before consulting user information, allowing a local, low-privilege attacker to craft a request_key payload that causes the process to enter a controlled environment with a...

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

MagicMirror <= 2.35.0 - Server-Side Request Forgery

An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...

CVE-2026-50200

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...

CVE-2026-54445 Vantage6: Set admin user and password from environment or configuration

vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username root and password root. This is not ideal because attackers know that almost all vantage6 servers have a user with username root that probably has admin rights,...

CVE-2026-50201 Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, all Steeltoe actuator endpoints default to...

CVE-2026-50200 Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...

Malicious code in scan-only (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4 The CLI binary at bin/scan-only.js, when invoked e.g., via npx scan-only --diagnose, harvests installer-side secrets and ships them to a hardcoded...

CVE-2026-55743

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 isargssafe blocks...

CVE-2026-55743 OpenHuman desktop agent shell tool sandbox bypass leads to arbitrary command execution

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 isargssafe blocks...

CVE-2026-55743

OpenHuman desktop agent (before 0.54.0, fixed in 0.56.0) contains two policy flaws in src/openhuman/security/policy.rs that bypass the shell allowlist, enabling remote code execution via indirect prompt injection. First, is_args_safe() blocks -exec and -ok while not blocking -execdir/-okdir (whic...

EUVD-2026-37722

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 isargssafe blocks...

Malicious code in vite-config-field (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...

MAL-2026-5936 Malicious code in vite-config-field (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...

Duplicate Advisory: Host environment sanitizer missed two Node.js control variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ccwh-wwpp-6wg5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that...

GHSA-4FVR-RGM6-GQMC vulnerabilities

Vulnerabilities for packages: authentik-fips, metaflow-service-fips, tritonserver-backend-vllm-cuda-13.0, mlflow, text-generation-inference, mlflow-fips, request-1276, authentik...

GHSA-4M7W-QMGQ-4WJ5 vulnerabilities

Vulnerabilities for packages: authentik-fips, metaflow-service-fips, tritonserver-backend-vllm-cuda-13.0, mlflow, text-generation-inference, mlflow-fips, request-1276, authentik...