CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

EUVD•added 2026/04/10 4:3 p.m.•3 views

EUVD-2026-21470

OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope...

5.3CVSS5.8AI score0.00036EPSS

Exploits0References4

ATTACKERKB•added 2026/04/10 4:3 p.m.•2 views

CVE-2026-35662

5.3CVSS5.8AI score0.00036EPSS

Exploits0References5

Positive Technologies•added 2026/04/10 12:0 a.m.•4 views

PT-2026-31973

5.3CVSS5.8AI score0.00036EPSS

Exploits0References5

EUVD•added 2026/03/29 3:30 p.m.•2 views

EUVD-2026-16997

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...

9.3CVSS6.1AI score0.00006EPSS

Exploits0References3

NVD•added 2026/03/29 1:16 p.m.•1 views

CVE-2026-32915

9.3CVSS0.00006EPSS

Exploits0References2

CVE•added 2026/03/29 12:44 p.m.•3 views

CVE-2026-32915

OpenClaw contains a sandbox boundary bypass vulnerability affecting versions before 2026.3.11. A low‑privilege, sandboxed leaf subagent can access the subagent control surface and resolve against the parent requester scope instead of its own session tree, enabling steering or killing of sibling r...

9.3CVSS6.1AI score0.00006EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/03/29 12:44 p.m.•3 views

CVE-2026-32915

9.3CVSS6.1AI score0.00006EPSS

Exploits0References3

Vulnrichment•added 2026/03/29 12:44 p.m.•0 views

CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface

9.3CVSS6.1AI score0.00006EPSS

Exploits0References2

Positive Technologies•added 2026/03/29 12:0 a.m.•1 views

PT-2026-28447

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description OpenClaw before version 2026.3.11 contains a sandbox boundary bypass issue. This allows leaf subagents to access the subagents control surface and resolve against a parent requester scope instea...

9.3CVSS6.1AI score0.00006EPSS

Exploits0References9

Github Security Blog•added 2026/03/26 9:44 p.m.•4 views

OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions

Summary Leaf subagents could still use the send action to message controlled child sessions even when their controlScope was narrower than children. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

5.3CVSS5.8AI score0.00036EPSS

Exploits0References6Affected Software1

OSV•added 2026/03/26 9:44 p.m.•1 views

GHSA-X2CM-HG9C-MF5W OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions

5.3CVSS5.9AI score0.00036EPSS

Exploits0References6

OSV•added 2026/03/13 3:47 p.m.•2 views

GHSA-4W7M-58CG-CMFF OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries

Summary In affected versions of openclaw, sandboxed leaf subagents could still access the subagents control surface and resolve against the parent requester scope instead of remaining confined to their own session tree. Impact A low-privilege sandboxed leaf worker could steer or kill a sibling ru...

8.8CVSS5.9AI score

Exploits0References3

Github Security Blog•added 2026/03/13 3:47 p.m.•3 views

OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries

5.9AI score

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by