Lucene search
K

5345 matches found

Snyk
Snyk
added 2026/04/24 2:35 a.m.8 views

Unsafe Dependency Resolution

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the OpenShell mirror mode that converts untrusted sandbox files into workspace hooks. An attacker can execute arbitrary code on the host system by providi...

7.3CVSS6.1AI score0.00123EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/24 12:31 a.m.6 views

EUVD-2026-25339

OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...

7.3CVSS6.5AI score0.00123EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.8 views

Duplicate Advisory: OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-42mx-vp8m-j7qh. This link is maintained to preserve external references. Original Description OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted...

7.3CVSS6.5AI score0.00123EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/24 12:31 a.m.6 views

GHSA-M563-373Q-885C Duplicate Advisory: OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-42mx-vp8m-j7qh. This link is maintained to preserve external references. Original Description OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted...

7.3CVSS6.5AI score0.00123EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/23 9:58 p.m.5 views

CVE-2026-41355 OpenClaw < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion

OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...

7.3CVSS6.5AI score0.00123EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/23 9:58 p.m.43 views

CVE-2026-41355 OpenClaw < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion

OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...

7.3CVSS0.00123EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/23 9:58 p.m.4 views

CVE-2026-41355

OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...

7.3CVSS6.5AI score0.00123EPSS
Exploits0References4
CVE
CVE
added 2026/04/23 9:58 p.m.42 views

CVE-2026-41355

OpenShell is affected by CVE-2026-41355 (pre-2026.3.28) where a vulnerability in mirror mode allows conversion of untrusted sandbox files into workspace hooks, enabling arbitrary code execution on the host at gateway startup when mirror-mode access is present. The issue stems from how workspace h...

7.3CVSS6.5AI score0.00123EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from an arbitrary code execution vulnerability in the mirror mode. By converting untrusted sandbox files int...

7.3CVSS6.5AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/04/20 2:56 p.m.7 views

OPENSUSE-SU-2026:20479-1 Security update for clamav

This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...

5.3CVSS5.8AI score0.00414EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 6:34 p.m.6 views

EUVD-2026-20507

A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address URL. This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery SSRF...

6.5CVSS6AI score0.00405EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 6:34 p.m.11 views

EUVD-2025-209308

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 5:20 p.m.3 views

CVE-2025-14243

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

5.3CVSS0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 5:6 p.m.5 views

CVE-2026-32591 Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...

5.2CVSS5.7AI score0.00256EPSS
Exploits0References3
CVE
CVE
added 2026/04/08 5:4 p.m.32 views

CVE-2026-32590

CVE-2026-32590 affects Red Hat Quay and relates to the handling of resumable container image layer uploads. The vulnerability stems from how intermediate upload data is stored in the database: if this data is tampered with, an attacker could trigger arbitrary code execution on the Quay server (re...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References11Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/08 5:4 p.m.4 views

CVE-2026-32589 Mirror-registry: quay: insecure direct object reference in blobupload

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...

7.4CVSS5.8AI score0.00243EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/04/08 4:41 p.m.3 views

CVE-2025-14243 Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 4:41 p.m.25 views

CVE-2025-14243 Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation...

5.3CVSS0.00287EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/08 4:37 p.m.6 views

CVE-2025-14243

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation. Mitigation Mitigation for this issue is either not...

5.3CVSS5.9AI score0.00287EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/08 4:26 p.m.32 views

CVE-2026-2377 Mirror-registry: quay: quay: server-side request forgery via log export functionality

A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as...

6.5CVSS0.00405EPSS
Exploits0References8
Rows per page
Query Builder