4 matches found
CVE-2026-35630
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...
PT-2026-44896
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description An authorization bypass exists in the QQBot native approval buttons. The button callback path fails to enforce the configured approver identity, allowing users who are not authorized approvers t...
PT-2026-35758
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An incomplete host-env-security-policy.json fails to restrict compiler binary environment variables. This allows untrusted models to substitute CC, CXX, CARGO BUILD RUSTC, and CMAKE C COMPILER...
CVE-2021-20198
A flaw was found in the OpenShift Installer. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated /exec...