6 matches found

NVD (added 2026/06/11 9:16 p.m., 10 views)

CVE-2026-53814

OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes ...

CVSS 8.7 | EPSS 0.00281
Exploits: 0 | References: 2
Positive Technologies (added 2026/06/11 12:00 a.m., 15 views)

PT-2026-48744

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.20. Description: A privilege escalation issue exists where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of the appropriate hook scope. This allows attackers possessin...

CVSS 8.7 | AI score 5.5 | EPSS 0.00281
Exploits: 0 | References: 9
CNNVD (added 2026/06/11 12:00 a.m., 17 views)

OpenClaw permission and access control issue vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.20 contain a security vulnerability caused by a privilege escalation issue, where hook-triggered agent runs incorrectly receive MCP...

CVSS 8.7 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 2
CNVD (added 2026/03/12 12:00 a.m., 4 views)

OpenClaw has an unspecified vulnerability (CNVD-2026-13589)

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the use of non-constant-time string comparisons for hook token validation, which can be exploited by an attacker to infer a token via a timing side channel...

CVSS 8.2 | AI score 5.8 | EPSS 0.00386
Exploits: 0 | References: 1
RedhatCVE (added 2026/03/07 1:44 a.m., 6 views)

CVE-2026-28475

OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

CVSS 6.3 | AI score 5.8 | EPSS 0.00284
Exploits: 0 | References: 1
ATTACKERKB (added 2026/03/05 9:59 p.m., 4 views)

CVE-2026-28464

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

CVSS 9.8 | AI score 5.9 | EPSS 0.00386
Exploits: 0 | References: 4