28 matches found
EUVD-2026-43538
OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...
EUVD-2026-43568
OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...
CVE-2026-62195
OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...
CVE-2026-62198
OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...
CVE-2026-62190
OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...
CVE-2026-62198 OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search
OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...
CVE-2026-62192
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester authorizat...
CVE-2026-62190
OpenClaw is affected by an authorization bypass in the flock wrapper for versions before 2026.6.9. The vulnerability allows lower-trust callers to execute or persist actions beyond their authorization by exploiting configured input paths to bypass the durable exec approval binding when the affect...
CVE-2026-62186
OpenClaw is affected in versions before 2026.6.8 by an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides. The issue allows lower-trust callers to bypass admin authorization policies and execute restricted operations via misconfigured input paths. Exploitation details ar...
PT-2026-57897
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.5.20 through 2026.6.5 Description An authorization bypass exists in the MCP loopback feature. This issue allows lower-trust callers to execute tools reserved for the owner by utilizing configured input paths, enabling th...
EUVD-2026-42322
OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries...
CVE-2026-59261 OpenClaw < 2026.5.28 - Credential Override via Workspace Dotenv Files
OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries...
PT-2026-56484
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.28 Description A credential exposure issue exists where workspace dotenv files can override provider credentials. This allows attackers with lower-trust access to configured input paths to expose sensitive dat...
CVE-2026-42290
protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...
CVE-2026-42290
protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...
CVE-2026-42290
Summary: The vulnerability affects protobufjs-cli’s pbts command. In versions before 1.2.1 and 2.0.2, pbts builds a shell command string from input file paths and runs it via child_process.exec, allowing file paths containing shell metacharacters to be interpreted by the shell. This can enable OS...
Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU 路径遍历漏洞
Schneider Electric Saitel DR RTU and Schneider Electric Saitel DP RTU are both remote terminal devices from Schneider Electric, a French company. Both devices have a path traversal vulnerability. This vulnerability stems from improper path name restrictions, which may lead to unauthorized access ...
DEBIAN-CVE-2026-41526
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...
seg6: separate dst_cache for input and output paths in seg6 lwtunnel
...
DEBIAN-CVE-2026-0846
A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...