GitLab MCP Server 安全漏洞

GitLab MCP Server is an open-source tool developed by yoda.digital that connects AI agents with GitLab repositories. Versions of GitLab MCP Server prior to 0.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication mechanisms at the HTTP transport laye...

OPENSUSE-SU-2026:20809-1 Security update for trivy

This update for trivy fixes the following issues - CVE-2025-64702: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS bsc1255366. - CVE-2025-69725: github.com/go-chi/chi/v5: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258513...

EUVD-2026-30488

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

CLSA-2026-1778786567 curl: Fix of 2 CVEs

CVE-2018-1000120: fix buffer overflow exists in the FTP URL handling - CVE-2018-1000007: fix leak authentication data to third parties in HTTP requests...

CVE-2026-42498 Apache Tomcat: WebSocket authentication header exposure

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

JLSEC-2026-436

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

GHSA-V8QF-FR4G-28P2 OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The Control UI assistant-media route authenticated trusted-proxy callers but did not enforce the declared operator scopes for identity-bearing HTTP auth paths. A trusted-proxy...

EUVD-2026-25374

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

GHSA-QGX9-6PX9-7P75 Duplicate Advisory: OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v8qf-fr4g-28p2. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows...

CVE-2026-41908 OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route

OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to...

CVE-2026-41908

CVE-2026-41908: OpenClaw prior to 2026.4.20 contains a scope enforcement bypass in the assistant-media route. Trusted-proxy callers lacking operator.read can bypass identity-bearing HTTP auth scope validation to access protected assistant-media files and metadata within allowed media roots. Affec...

CVE-2026-35669 OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

CVE-2026-32696

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

CVE-2026-32696

CVE-2026-32696 affects NanoMQ 0.24.6 where HTTP auth (auth.http_auth) with MQTT CONNECT and missing username/password (using %u/%P) causes auth_http.c:set_data() to call strlen() on a NULL pointer, triggering a remote SIGSEGV and DoS. A fix exists in 0.24.7. The Red Hat, NVD, OSV, and CVE list en...

CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

CVE-2026-32696

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

PT-2026-29123

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http auth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

GHSA-QM2M-28PF-HGJW OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers

Summary Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway-authenticated plugin...

GHSA-P7M9-V2CM-2H7M HAPI FHIR HTTP authentication leak in redirects

Impact When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of...