Lucene search
+L

71 matches found

CVE
CVE
added 7 hours ago6 views

CVE-2026-62229

OpenClaw prior to 2026.5.18 contains an authorization bypass in exec allowlist glob matching. This allows lower-trust callers to execute actions beyond intended authorization by crafting input paths that traverse the allowlist glob patterns when the affected feature is enabled. According to the C...

8.8CVSS6.2AI score
Exploits0References2
CVE
CVE
added 7 hours ago5 views

CVE-2026-62226

OpenClaw 2026.3.28 before 2026.5.19 contains an authorization bypass in the browser act route, due to failure to properly validate current-tab URL checks. This allows attackers with lower-trust access or configured input paths to perform actions that should be restricted by stronger authorization...

8.5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45113

OpenClaw versions before 2026.5.18 contain an authorization bypass vulnerability in skill command dispatch that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can bypass tool policy restrictions through configured input paths to perform...

5.4CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45111

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows lower-trust callers to execute actions beyond their intended authorization. Attackers can exploit misconfigured input paths to execute or persist unauthorized actions when the...

8.8CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-45110

OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level...

7.8CVSS6.2AI score
Exploits0References2
CVE
CVE
added 7 hours ago5 views

CVE-2026-62221

Technical details are not publicly available in the provided documents. Monitor for updates from vuln sources; no product/version specifics or remediation are given in the supplied material.

5.4CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-45107

OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can bypass agent ID restrictions by submitting blank agent IDs, allowing actions that should require stronger authorization or...

7.1CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45105

OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an authorization flaw in the QQBot exec approvals feature. When the feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization, allowing...

8.8CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45106

OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature that allows lower-trust callers to bypass role-management checks. Attackers can perform actions requiring stronger authorization by reaching the affected feature through configured...

8.8CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-45102

OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured inpu...

6.5CVSS6.1AI score
Exploits0References2
CVE
CVE
added 7 hours ago7 views

CVE-2026-62215

OpenClaw versions before 2026.6.5 are affected by an authentication bypass in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions by submitting crafted requests through configured input paths, bypassing policy checks. The CVE lists impact on confidentiality and int...

8CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45103

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions. Attackers can perform actions requiring stronger authorization by submitting crafted requests through configured input paths,...

8CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45101

OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary...

6.5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45099

OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose...

5CVSS6.1AI score
Exploits0References2
CVE
CVE
added 7 hours ago4 views

CVE-2026-62212

CVE-2026-62212 affects OpenClaw prior to 2026.5.28. A race condition exists in the MS Teams safeFetch DNS rebinding check when the affected feature is enabled and reachable. A lower-trust caller or configured input path could win the timing window between DNS validation and usage, enabling action...

7.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added 7 hours ago5 views

CVE-2026-62211

OpenClaw versions prior to 2026.6.1 expose a credential redaction bypass in the trajectory export feature. The flaw allows lower-trust callers to access data that should remain within trusted boundaries by exploiting misconfigured input paths or feature accessibility in the export mechanism. Affe...

5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45096

OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's...

6.5CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45095

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths...

8.8CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45091

OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege escalation vulnerability in isolated cron jobs that allows lower-trust callers to regain denied execution tools. Attackers can execute or persist actions beyond their intended authorization by leveraging misconfigured input paths in t...

8.8CVSS6.2AI score
Exploits0References2
CVE
CVE
added 7 hours ago5 views

CVE-2026-62201

OpenClaw prior to version 2026.6.6 contains a network policy bypass in the sandbox exec-server that lets lower-trust callers reach internal network destinations blocked by policy. Attackers can send HTTP requests through the exec-server to access restricted network resources. The CVE description ...

7.7CVSS6.1AI score
Exploits0References2
Rows per page
Query Builder