Lucene search

6 matches found

EUVD
added 3 days ago, 10 views

EUVD-2026-36322

OpenClaw: Paired nodes could forge exec lifecycle events without system.run provenance...

CVSS 8.6, AI score 5.8, EPSS 0.00342
Exploits: 0, References: 3
NVD
added 2026/06/11 9:16 p.m., 13 views

CVE-2026-53816

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway,...

CVSS 8.6, EPSS 0.00342
Exploits: 0, References: 2
Snyk
added 2026/06/11 9:11 p.m., 5 views

Missing Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authorization in the node event handling process. An attacker can gain unauthorized access to restricted exec lifecycle events by sending crafted node.event messages from a paired...

CVSS 8.6, AI score 5.9, EPSS 0.00342
Exploits: 0, References: 2
Positive Technologies
added 2026/06/11 12:0 a.m., 11 views

PT-2026-48746

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.18. Description: Insufficient provenance validation in node event handling allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send...

CVSS 8.6, AI score 5.2, EPSS 0.00342
Exploits: 0, References: 7
OSV
added 2026/04/09 2:22 p.m., 3 views

GHSA-GFMX-PPH7-G46X OpenClaw: Lower-trust background runtime output is injected into trusted `System:` events, and local async exec completion misses the intended `exec-event` downgrade

Impact: Lower-trust background runtime output is injected into trusted System: events, and local async exec completion misses the intended exec-event downgrade. Lower-trust runtime/background output could be promoted into trusted System events, allowing prompt-injection into later agent turns...

CVSS 7.3, AI score 5.8
Exploits: 0, References: 2
EUVD
added 2025/10/13 8:19 p.m., 6 views

EUVD-2025-34079

tracexec has env command argument injection via environment variables starting with dash in traced exec events...

AI score 6.9
Exploits: 0, References: 4