8 matches found
EUVD-2026-36608
OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions with broader command...
CVE-2026-53820
OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions with broader command...
CVE-2026-53820 OpenClaw < 2026.5.12 - Exec Denylist Bypass in Bundle MCP Loopback Session Spawn
OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions with broader command...
PT-2026-49024
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An exec denylist bypass exists in the bundle MCP loopback session-spawn path. This allows authenticated callers to bypass intended command restrictions and start sessions with broader command...
CVE-2026-53818 OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback
OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools...
EulerOS Virtualization 2.13.1 : qemu (EulerOS-SA-2026-1641)
According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individu...
EUVD-2025-37403
A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This...
AZL-69631 CVE-2025-12464 affecting package qemu for versions less than 8.2.0-25
A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This...