Lucene search
+L

470 matches found

euvd
euvd
added 2 days ago4 views

EUVD-2026-43534

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.8CVSS6.2AI score0.00251EPSS
Exploits0References3
euvd
euvd
added 2 days ago5 views

EUVD-2026-43565

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References3
euvd
euvd
added 2 days ago3 views

EUVD-2026-43566

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References3
euvd
euvd
added 2 days ago4 views

EUVD-2026-43570

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester...

8.1CVSS6.2AI score0.00233EPSS
Exploits0References3
euvd
euvd
added 2 days ago5 views

EUVD-2026-43568

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform...

8.8CVSS6.2AI score0.00285EPSS
Exploits0References3
euvd
euvd
added 2 days ago6 views

EUVD-2026-43569

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS6.2AI score0.00207EPSS
Exploits0References3
euvd
euvd
added 2 days ago5 views

EUVD-2026-43571

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...

6.9CVSS6.2AI score0.00184EPSS
Exploits0References3
nvd
nvd
added 3 days ago5 views

CVE-2026-62195

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...

8.7CVSS0.0023EPSS
Exploits0References2
nvd
nvd
added 3 days ago6 views

CVE-2026-62198

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.4CVSS0.0016EPSS
Exploits0References2
nvd
nvd
added 3 days ago5 views

CVE-2026-62191

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS0.00207EPSS
Exploits0References2
cve
cve
added 3 days ago13 views

CVE-2026-62200

OpenClaw

8.8CVSS6.2AI score0.00295EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 3 days ago2 views

CVE-2026-62200

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended...

8.8CVSS6.2AI score0.00295EPSS
Exploits0References3
osv
osv
added 3 days ago5 views

CVE-2026-62198 OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS6.2AI score0.0016EPSS
Exploits0References5
osv
osv
added 3 days ago3 views

CVE-2026-62197 OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

6.3CVSS6.1AI score0.00199EPSS
Exploits0References5
cvelist
cvelist
added 3 days ago33 views

CVE-2026-62198 OpenClaw 2026.5.28 < 2026.6.6 Authorization Bypass via Web Search

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS0.0016EPSS
Exploits0References2
cve
cve
added 3 days ago12 views

CVE-2026-62198

OpenClaw 2026.5.28 before 2026.6.6 contains an authorization bypass in native web search that lets lower-trust callers perform actions requiring stronger policy checks. Exploitation would involve misconfigured input paths to bypass intended authorization controls and execute restricted operations...

5.4CVSS6.2AI score0.0016EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 3 days ago34 views

CVE-2026-62196 OpenClaw 2026.3.22 < 2026.6.6 Authorization Bypass via WhatsApp Group IDs

OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...

8.7CVSS0.0023EPSS
Exploits0References2
cve
cve
added 3 days ago15 views

CVE-2026-62194

OpenClaw CVE-2026-62194 affects OpenClaw versions 2026.5.20 before 2026.6.9. Vulnerable: plugin install commands in the OpenClaw stack. Root cause: privilege escalation via misconfigured input paths or enabled features that let lower-trust callers execute/persist actions beyond their authorizatio...

8.8CVSS6.2AI score0.00251EPSS
Exploits0References2Affected Software1
osv
osv
added 3 days ago3 views

CVE-2026-62194 OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.7CVSS6.2AI score0.00251EPSS
Exploits0References5
cvelist
cvelist
added 3 days ago32 views

CVE-2026-62194 OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.8CVSS0.00251EPSS
Exploits0References2
Rows per page
Query Builder