4 matches found
Open WebUI Security Vulnerability
Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/v1/models/import endpoint, which allowed users with the workspace.models.import...
CVE-2026-26317 OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A...
CVE-2026-26317
OpenClaw (personal AI assistant) exposes loopback browser mutation endpoints that accept cross-origin requests prior to 2026.2.14, enabling cross‑site request forgery (CSRF) to trigger unauthorized state changes in the victim’s local browser control plane. Starting with 2026.2.14, mutating HTTP m...
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
Summary: Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. Impact: A malicious website can trigger unauthorized...