6 matches found
GHSA-7VQ9-42CC-33J4 Duplicate Advisory: OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xj9w-5r6q-x6v4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the no...
Duplicate Advisory: OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xj9w-5r6q-x6v4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the no...
CVE-2026-41352 OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass
OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...
CVE-2026-41352
OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...
CVE-2026-41352 OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass
OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...
CVE-2026-41352
OpenClaw is affected prior to version 2026.3.31. The issue is a remote code execution where a device-paired node can bypass the node scope gate authentication, allowing attackers with device pairing credentials to execute arbitrary node commands on the host without proper validation. CVSS-based i...