CVE-2026-43569

OpenClaw (prior to 2026.4.9) contains an authentication bypass vulnerability where untrusted workspace plugins can be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can craft malicious workspace plugins that are automatically selected and enabled...

PT-2026-37024

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description An authentication bypass allows untrusted workspace plugins to be automatically enabled during non-interactive onboarding when provider authentication choices are shadowed. This occurs because th...

openstatus 代码注入漏洞

OpenStatus is an open-source status page and availability monitoring platform developed by OpenStatus. OpenStatus has a code injection vulnerability, which stems from the operation of the callbackURL parameter in the Onboarding endpoint component...

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Texas Attorney General Ken Paxton has sued General Motors GM for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General AG announced he had opened an investigation into several car...

CVE-2023-48700 Clear Text Credentials Exposed via Onboarding Task

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

Latest Microsoft Entra advancements strengthen identity security

If you read behind the attention-grabbing headlines, most novel techniques rely on compromised identities.1 In fact, of all the ways an attacker can get into your digital estate, identity compromise is still the most common.2 This makes identity your first line of defense. In many organizations,...