Missing Authentication for Critical Function
Overview: @openclaw/voice-call is an OpenClaw voice-call plugin. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the tunnel.allowNgrokFreeTierLoopbackBypass configuration option in the webhook authentication. An attacker can trigger unauthorized...
PT-2026-23561
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14. Description: The software contains a webhook signature-verification bypass in the voice-call extension. This allows unauthenticated requests when the tunnel.allowNgrokFreeTierLoopbackBypass option is enabled...
OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)
Summary: OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as 0:0:0:0:0:ffff:7f00:1, which is 127.0.0.1. This could allow requests that should be blocked (loopback, private network, link-local metadata) to pass the SSRF guard. Vulnerable component: SSRF...
PT-2026-20959
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14. Description: The SSRF protection in OpenClaw could be bypassed using full-form IPv4-mapped IPv6 literals, such as 0:0:0:0:0:ffff:7f00:1, which is 127.0.0.1. This bypass allows requests that should be blocked,...
OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
Summary: The Control UI trusts gatewayUrl from the query string without validation and auto-connects on load, sending the stored gateway token in the WebSocket connect payload. Clicking a crafted link or visiting a malicious site can send the token to an attacker-controlled server. The attacker ca...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004239)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004239 advisory. In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to...
GHSA-68G8-C275-XF2M Directus vulnerable to SSRF Loopback IP filter bypass
Impact: If you're relying on blocking access to localhost using the default 0.0.0.0 filter, this can be bypassed using other registered loopback devices like 127.0.0.2 - 127.127.127.127. Workaround: You can block this bypass by manually adding the 127.0.0.0/8 CIDR range, which will block access to any...
Juniper Networks Junos OS race condition vulnerability
Juniper Networks Junos OS is the Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS is vulnerable to a race condition issue that exists in the firewall process dfwd. A...
coturn < 4.5.2 Loopback Bypass Vulnerability
coturn is prone to a loopback bypass vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...
CVE-2020-26262 Loopback bypass in Coturn
Coturn is a free, open-source implementation of a TURN and STUN server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...
UBUNTU-CVE-2014-9494
RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwarded-For header...