45 matches found
CVE-2026-42429
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from an issue with the permission escalation mechanism in the gateway plugin’s HTTP authentication process...
PT-2026-35807
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway au...
OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The Control UI assistant-media route authenticated trusted-proxy callers but did not enforce the declared operator scopes for identity-bearing HTTP auth paths. A trusted-proxy...
GHSA-V8QF-FR4G-28P2 OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The Control UI assistant-media route authenticated trusted-proxy callers but did not enforce the declared operator scopes for identity-bearing HTTP auth paths. A trusted-proxy...
EUVD-2026-25274
OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to...
Duplicate Advisory: OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v8qf-fr4g-28p2. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows...
GHSA-QGX9-6PX9-7P75 Duplicate Advisory: OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v8qf-fr4g-28p2. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows...
CVE-2026-41908
OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to...
CVE-2026-41908
OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to...
CVE-2026-41908
CVE-2026-41908: OpenClaw prior to 2026.4.20 contains a scope enforcement bypass in the assistant-media route. Trusted-proxy callers lacking operator.read can bypass identity-bearing HTTP auth scope validation to access protected assistant-media files and metadata within allowed media roots. Affec...
CVE-2026-41908 OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route
OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to...
PT-2026-34709
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.20 Description A scope enforcement bypass exists in the 'assistant-media' route. This allows trusted-proxy callers who lack the operator.read scope to bypass identity-bearing HTTP auth path scope validation...
CVE-2026-35657
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...
CVE-2026-35657
OpenClaw is affected by an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history endpoint, present in versions before 2026.3.25. The issue allows access to session history without proper operator.read permissions by bypassing scope validation. Attackers can exploit this via...
CVE-2026-35657
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...
CVE-2026-35657 OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...
EUVD-2026-21460
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...
CVE-2026-35657 OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...
EUVD-2026-21141
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...