Lucene search

3911 matches found

ATTACKERKB
added 2026/03/05 9:59 p.m. | 4 views

CVE-2026-28394

OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the webfetch tool that allows attackers to crash the Gateway process through memory exhaustion by parsing oversized or deeply nested HTML responses. Remote attackers can social-engineer users into fetching malicious...

CVSS 6.9 | AI score 5.9 | EPSS 0.00194
Exploits: 0 | References: 4

EUVD
added 2026/03/05 9:59 p.m. | 5 views

EUVD-2026-9894

OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the webfetch tool that allows attackers to crash the Gateway process through memory exhaustion by parsing oversized or deeply nested HTML responses. Remote attackers can social-engineer users into fetching malicious...

CVSS 6.9 | AI score 5.9 | EPSS 0.00194
Exploits: 0 | References: 3

Snyk
added 2026/03/05 7:15 p.m. | 1 view

Uncontrolled Recursion

Overview xgrammar is an Efficient, Flexible and Portable Structured Generation Affected versions of this package are vulnerable to Uncontrolled Recursion through the handling of multi-level nested grammar rules. An attacker can cause a segmentation fault and crash the application by submitting...

CVSS 8.7 | AI score 5.8 | EPSS 0.00081
Exploits: 1 | References: 2

OSV
added 2026/03/05 6:20 p.m. | 2 views

GHSA-7RGV-GQHR-FXG3 xgrammar vulnerable to DoS via multi-layer nesting

Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...

CVSS 8.7 | AI score 5.9 | EPSS 0.00081
Exploits: 1 | References: 4

EUVD
added 2026/03/05 6:20 p.m. | 3 views

EUVD-2026-9830

xgrammar vulnerable to DoS via multi-layer nesting...

CVSS 8.7 | AI score 5.9 | EPSS 0.00081
Exploits: 1 | References: 2

Github Security Blog
added 2026/03/05 6:20 p.m. | 4 views

xgrammar vulnerable to DoS via multi-layer nesting

Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...

CVSS 8.7 | AI score 5.9 | EPSS 0.00081
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2026/03/05 4:16 p.m. | 3 views

CVE-2026-25048

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...

CVSS 8.7 | EPSS 0.00081
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/05 3:34 p.m. | 3 views

CVE-2026-25048

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...

CVSS 8.7 | AI score 5.8 | EPSS 0.00081
Exploits: 1 | References: 3 | Affected Software: 1

Packet Storm
added 2026/03/05 12:00 a.m. | 129 views

dottie 2.0.6 Prototype Pollution Bypass

CVE-2026-27837 describes an incomplete patch in dottie versions 2.0.4 through 2.0.6, following the original CVE-2023-26132 fix attempt. The protection added in commit 7d3aee1 validates only the first segment of a dot-separated property path against dangerous keys such as `__proto__`. However, the...

CVSS 9.8 | AI score 6 | EPSS 0.00165
Exploits: 3

Positive Technologies
added 2026/03/05 12:00 a.m. | 2 views

PT-2026-23453

Name of the Vulnerable Software and Affected Versions xgrammar versions prior to 0.1.32 Description xgrammar, an open-source library for structured generation, experienced a segmentation fault due to multi-level nested syntax in versions prior to 0.1.32. This issue can lead to a denial-of-service...

CVSS 8.7 | AI score 5.8 | EPSS 0.00081
Exploits: 1 | References: 12

Tenable Nessus
added 2026/03/05 12:00 a.m. | 3 views

TencentOS Server 4: protobuf (TSSA-2026:0093)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0093 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 8.2 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 2

CNNVD
added 2026/03/05 12:00 a.m. | 4 views

XGrammar Security Vulnerability

XGrammar is a fast, flexible, and portable structured generation tool open-sourced by mlc-ai. Versions of XGrammar before 0.1.32 have a security vulnerability, which is caused by multi-level nested syntax leading to segmentation errors...

CVSS 8.7 | AI score 5.8 | EPSS 0.00081
Exploits: 1 | References: 3

CNNVD
added 2026/03/05 12:00 a.m. | 3 views

OpenClaw Security Vulnerability

OpenClaw is a gateway tool for network data acquisition. A denial of service vulnerability exists in OpenClaw. An attacker can exploit this vulnerability to crash the gateway process by parsing oversized or deeply nested HTML responses to exhaust memory and trick users into visiting a malicious U...

CVSS 6.9 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 3

OSV
added 2026/03/04 5:40 p.m. | 4 views

CLSA-2026-1772646053 python3: Fix of CVE-2025-12084

CVE-2025-12084: Prevent quadratic-time behavior when building excessively nested XML elements...

CVSS 6.3 | AI score 7.1 | EPSS 0.00128
Exploits: 0 | References: 1

Snyk
added 2026/03/03 7:16 p.m. | 1 view

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through a mismatch in wrapper-depth parsing in system.run. An attacker can bypass approval gating by crafting nested transparent dispatch wrappers, allowing...

CVSS 8.8 | AI score 5.9 | EPSS 0.00058
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/03 7:16 p.m. | 4 views

OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode

Summary A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers (for example, repeated /usr/bin/env) to suppress shell-wrapper detection while still matching allowlist resolution. In security=allowlist + ask=on-miss, this could bypass the expected approval prompt...

CVSS 8.8 | AI score 6 | EPSS 0.00058
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/03/02 12:42 p.m. | 3 views

CVE-2026-28407

A flaw was found in malcontent, a software designed to discover supply-chain compromises. Prior to version 1.21.0, malcontent would remove nested archives that failed to extract, which could potentially leave malicious content unexamined. This oversight could allow an attacker to bypass security...

CVSS 6.9 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 2

Packet Storm News
added 2026/03/01 12:00 a.m. | 0 views

Quantifying Frontier LLM Capabilities for Container Sandbox Escape

Large language models (LLMs) increasingly act as autonomous agents, using tools to execute code, read and write files, and access networks, creating novel security risks. To mitigate these risks, agents are commonly deployed and evaluated in isolated "sandbox" environments, often implemented using...

AI score 6
Exploits: 0

Tenable Nessus
added 2026/03/01 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-27904

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00026
Exploits: 1 | References: 4

OSV
added 2026/02/28 12:44 p.m. | 4 views

OESA-2026-1432 protobuf security update

Security Fixes: A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an...

CVSS 8.2 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 2