Lucene search
K

12 matches found

NVD
NVD
added 2026/05/05 12:16 p.m.10 views

CVE-2026-43532

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

7.7CVSS0.00259EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:25 a.m.3 views

CVE-2026-43532

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

7.7CVSS5.8AI score0.00259EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/05 11:25 a.m.3 views

CVE-2026-43532 OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

4.9CVSS5.9AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.35 views

CVE-2026-42438 OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS0.00236EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:24 a.m.16 views

CVE-2026-42438

OpenClaw version 2026.4.9 and older is affected by a sender policy bypass in the outbound host-media attachment read helper, enabling unauthorized local file disclosure when an attacker has denied read access via toolsBySender or group policy. The bypass can circumvent sender and group-scoped aut...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/05 11:24 a.m.6 views

EUVD-2026-27259

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.5 views

CVE-2026-42438 OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 11:24 a.m.4 views

CVE-2026-42438 OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

4.9CVSS5.9AI score0.00236EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/17 10:17 p.m.7 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the host-media attachment read helper. An attacker can access unauthorized local files by bypassing sender or group-scoped policy restrictions through the...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/17 10:17 p.m.10 views

OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure

Summary OpenClaw's outbound host-media attachment read helper could enable host-local file reads based on global or agent-level read access without also honoring sender and group-scoped tool policy. In channel deployments that used toolsBySender or group policy to deny read for less-trusted...

7.7CVSS5.7AI score0.00236EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.12 views

PT-2026-37010

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.9 through 2026.4.9 Description A sender policy bypass exists in the outbound host-media attachment read helper. This issue allows unauthorized local file disclosure when deployments allow host read or filesystem root...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References7
CNVD
CNVD
added 2015/09/15 12:0 a.m.4 views

Protect Host Media Auto-Exchanger Cross-Site Request Forgery Vulnerability

Protect Host Media Auto-Exchanger is a set of tools for exchanging, buying and selling e-currency from Protect Host Media UK. A cross-site request forgery vulnerability exists in Protect Host Media Auto-Exchanger version 5.1.0, which can be exploited by a remote attacker to change a password by...

6.8CVSS7AI score0.01982EPSS
Exploits5References1
Rows per page
Query Builder