Lucene search
K

8 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-43564

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS6.2AI score0.00202EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-62186 OpenClaw < 2026.6.8 Authorization Bypass via HTTP Model Override

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS0.00202EPSS
Exploits0References2
CVE
CVE
added 2 days ago13 views

CVE-2026-62186

OpenClaw is affected in versions before 2026.6.8 by an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides. The issue allows lower-trust callers to bypass admin authorization policies and execute restricted operations via misconfigured input paths. Exploitation details ar...

7.6CVSS6.2AI score0.00202EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/29 3:30 p.m.3 views

EUVD-2026-16999

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

9.2CVSS6AI score0.00101EPSS
Exploits0References3
NVD
NVD
added 2026/03/29 1:17 p.m.6 views

CVE-2026-32918

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

9.2CVSS0.00101EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/29 12:44 p.m.1 views

CVE-2026-32918

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...

9.2CVSS6AI score0.00101EPSS
Exploits0References3
CVE
CVE
added 2026/03/29 12:44 p.m.18 views

CVE-2026-32918

OpenClaw is affected by a session sandbox escape in the session_status tool (CVE-2026-32918). The vulnerability allows sandboxed subagents to access parent or sibling session state by supplying arbitrary sessionKey values, enabling reading or modification of session data outside the sandbox, incl...

9.2CVSS6AI score0.00101EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.7 views

PT-2026-28448

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description The software contains a session sandbox escape issue within the session status tool. This allows sandboxed subagents to access session state belonging to parent or sibling sessions. An attacker...

9.2CVSS6AI score0.00101EPSS
Exploits0References5
Rows per page
Query Builder