Lucene search
K

8 matches found

EUVD
EUVD
added 2026/05/05 11:24 a.m.8 views

EUVD-2026-27267

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:24 a.m.19 views

CVE-2026-43528

OpenClaw, prior to version 2026.4.14, is affected by a redaction bypass vulnerability that lets authenticated gateway clients read unredacted secrets via the sourceConfig and runtimeConfig aliases. Attackers with config read access can obtain sensitive material such as provider API keys, gateway ...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.41 views

CVE-2026-43528 OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases

OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication...

7.1CVSS0.00333EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.15 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities stemmed from editing bypasses, allowing authenticated gateway clients to receive unedited secrets through alias fiel...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.14 views

PT-2026-37014

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description A redaction bypass exists that allows authenticated gateway clients with config read access to receive unredacted secrets. This occurs through the sourceConfig and runtimeConfig alias fields,...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References7
OSV
OSV
added 2026/03/05 10:16 p.m.3 views

CVE-2026-28459

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

8.1CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added 2026/03/05 9:59 p.m.4 views

EUVD-2026-9907

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

7.1CVSS6AI score0.00363EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.1 views

CVE-2026-28459 OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

7.1CVSS5.9AI score0.00363EPSS
Exploits0References4
Rows per page
Query Builder