9 matches found
GHSA-G53W-W6MJ-HRPP MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path
Summary The MCP router extproc exposes an initialize-method code path that, when a request carries an mcp-init-host header, bypasses the gateway JWT session validator and rewrites the upstream :authority header to whatever the caller chooses, gated only by a single shared header value router-key...
EUVD-2026-26122
OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through...
GHSA-9GVX-VJ57-VQQX Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6mqc-jqh6-x8fc. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where...
CVE-2026-32031
CVE-2026-32031 affects OpenClaw server-http prior to 2026.2.26. The issue is an authentication bypass in gateway authentication for plugin channel endpoints caused by a path canonicalization mismatch between the gateway guard and the plugin handler routing. This allows attackers to bypass authent...
GHSA-F842-PHM9-P4V4 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass
Details A Path Traversal and Access Control Bypass vulnerability was discovered in the salvo-proxy component of the Salvo Rust framework v0.89.2. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g., protected...
Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass
Details A Path Traversal and Access Control Bypass vulnerability was discovered in the salvo-proxy component of the Salvo Rust framework v0.89.2. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g., protected...
CVE-2025-14025
CVE-2025-14025 affects Red Hat Ansible Automation Platform (AAP) where read-only OAuth2 tokens bypass gateway write restrictions, enabling write operations to backend services (Controller, Hub, EDA) limited only by RBAC. The issue is fixed via Red Hat advisories RHSA-2026:0360/0361, which note a ...
Cisco IOS XE Software 安全漏洞
Cisco IOS XE Software is an operating system from the U.S. company Cisco Cisco. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity.Cisco IOS XE Software is vulnerable to an exploit that could be used ...
Malicious Activity Over DNS Tunneling
DNS Tunneling is used to pass non-DNS information using DNS messages, which are normally allowed by security devices. Malicious users or malware may use DNS tunnels to bypass inspection by the security gateway...