
1269 matches found

Vulnrichment
added 2026/02/19 11:18 p.m., 5 views

CVE-2026-27004 OpenClaw session tool visibility hardening and Telegram webhook secret fallback

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in...

6.9 CVSS, 5.5 AI score, 0.00105 EPSS
Exploits 0, References 2
OSV
added 2026/02/19 5:28 p.m., 5 views

GO-2026-4471 Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() on crypto/rand failure in github.com/gofiber/fiber

Fiber has an insecure fallback in utils.UUIDv4 / utils.UUID — predictable / zero‑UUID on crypto/rand failure in github.com/gofiber/fiber...

9.4 CVSS, 5.5 AI score, 0.00471 EPSS
Exploits 0, References 3
OSV
added 2026/02/18 10:43 p.m., 3 views

GHSA-6HF3-MHGC-CM65 OpenClaw session tool visibility hardening and Telegram webhook secret fallback

Vulnerability: In some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in multi-user environments where peers are not equally...

6.9 CVSS, 5.6 AI score, 0.00105 EPSS
Exploits 0, References 4
Tenable Nessus
added 2026/02/17 12:0 a.m., 21 views

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50113)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50113 advisory.
- sunrpc: fix client side handling of tls alerts Olga Kornievskaia Orabug: 38334981 CVE-2025-38571
- sunrpc: fix handling of server side tls alert...

7.8 CVSS, 7.3 AI score, 0.01912 EPSS
Exploits 2, References 73
OSV
added 2026/02/16 10:22 p.m., 3 views

CVE-2026-2439

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

9.8 CVSS, 5.7 AI score
Exploits 0, References 5
NVD
added 2026/02/16 10:22 p.m., 5 views

CVE-2026-2439

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

9.8 CVSS, 0.00403 EPSS
Exploits 0, References 5
Cvelist
added 2026/02/16 9:25 p.m., 27 views

CVE-2026-2439 Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generatesessionid function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are...

0.00403 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/02/16 12:0 a.m., 4 views

PT-2026-8387

Name of the Vulnerable Software and Affected Versions: Concierge::Sessions versions 0.8.1 through 0.8.4
Description: The generate session id function within Concierge::Sessions::Base defaults to insecure methods for generating session identifiers. Specifically, it uses the uuidgen command, which ma...

9.8 CVSS, 5.4 AI score, 0.00403 EPSS
Exploits 0, References 10
Vulnrichment
added 2026/02/14 4:1 p.m., 2 views

CVE-2026-23154 net: fix segmentation of forwarding fraglist GRO

In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO. This patch enhances GSO segment handling by properly checking the SKB_GSO_DODGY flag for fraglist GSO packets, addressing low throughput issues observed when a station accesses IPv4...

5.4 AI score, 0.00114 EPSS
Exploits 0, References 5
EUVD
added 2026/02/14 4:1 p.m., 3 views

EUVD-2026-5883

In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO. This patch enhances GSO segment handling by properly checking the SKB_GSO_DODGY flag for fraglist GSO packets, addressing low throughput issues observed when a station accesses IPv4...

5.3 AI score, 0.00114 EPSS
Exploits 0, References 3
OSV
added 2026/02/09 6:4 p.m., 5 views

CVE-2025-66630 Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

9.2 CVSS, 5.6 AI score, 0.00471 EPSS
Exploits 0, References 5
OSV
added 2026/02/09 3:28 p.m., 4 views

GHSA-68RR-P4FP-J59V Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber v2 contains an internal vendored copy of gofiber/utils, and its functions UUIDv4 and UUID inherit the same critical weakness described in the upstream advisory. On Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtaine...

9.2 CVSS, 5.8 AI score, 0.00471 EPSS
Exploits 0, References 5
F5 Networks
added 2026/02/03 8:57 p.m., 8 views

K000159874: SSSD vulnerability CVE-2025-11561

Security Advisory Description: A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is...

8.8 CVSS, 5.4 AI score, 0.00768 EPSS
Exploits 0
Tenable Nessus
added 2026/02/02 12:0 a.m., 3 views

EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-1214)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP...

5.9 CVSS, 5.5 AI score, 0.00444 EPSS
Exploits 0, References 2
OSV
added 2026/01/30 2:35 p.m., 2 views

SUSE-SU-2026:20214-1 Security update for alloy

This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container...

8.4 CVSS, 6.8 AI score, 0.00673 EPSS
Exploits 4, References 7
CVE
added 2026/01/29 5:16 p.m., 16 views

CVE-2026-24054

Kata Containers Runtime (kata-containers) versions prior to 3.26.0 are affected. When a container image is malformed or has no layers, containerd bind-mounts an empty snapshotter directory for the container rootfs; the Kata runtime then mounts rootfs and may detect it as a block device, causing t...

10 CVSS, 5.8 AI score, 0.00438 EPSS
Exploits 1, References 5, Affected Software 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 9 : golang-1.20.12-1.el9_3 (AXSA:2024-7583:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7583:01 advisory.
golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests CVE-2023-39326
golang: cmd/go: Protocol Fallback when...

7.5 CVSS, 7.6 AI score, 0.01208 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 9 : sssd-2.9.4-6.el9 (AXSA:2024-7854:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7854:05 advisory.
sssd: Race condition during authorization leads to GPO policies functioning inconsistently CVE-2023-3758
Bug Fixes: socket leak JIRA:RHEL-22340 Passkey canno...

7.1 CVSS, 5.5 AI score, 0.01033 EPSS
Exploits 1, References 2
Metasploit
added 2026/01/16 6:59 p.m., 366 views

AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery

This module exploits an unauthenticated remote code execution (RCE) vulnerability in AVideo's notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an attacker ...

6.3 AI score
Exploits 0
SUSE CVE
added 2026/01/16 12:26 a.m., 2 views

SUSE CVE-2025-71126

In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting Jakub reported an MPTCP deadlock at fallback time: WARNING: possible recursive locking detected 6.18.0-rc7-virtme 1 Not tainted --------------------------------------------...

5.5 CVSS, 6.4 AI score, 0.00111 EPSS
Exploits 0, References 19