Lucene search
K

46 matches found

EUVD
EUVD
added 2026/04/10 12:30 a.m.5 views

EUVD-2026-21141

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS5.9AI score0.00193EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 12:30 a.m.5 views

EUVD-2026-21108

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.5AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-31968

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 10:16 p.m.13 views

CVE-2026-35644

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 10:16 p.m.5 views

CVE-2026-35625

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS0.00192EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:27 p.m.3 views

CVE-2026-35644

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS5.9AI score0.00193EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.22 views

CVE-2026-35644 OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive...

7.1CVSS0.00193EPSS
Exploits0References4
OSV
OSV
added 2026/04/09 5:36 p.m.4 views

GHSA-4F8G-77MW-3RXC OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`

Impact Gateway plugin HTTP auth: gateway widens identity-bearing operator.read requests into runtime operator.write. Plugin HTTP routes using gateway auth could receive runtime write scopes even when the upstream trusted-proxy request only declared read. OpenClaw is a user-controlled local...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/09 5:36 p.m.8 views

OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`

Impact Gateway plugin HTTP auth: gateway widens identity-bearing operator.read requests into runtime operator.write. Plugin HTTP routes using gateway auth could receive runtime write scopes even when the upstream trusted-proxy request only declared read. OpenClaw is a user-controlled local...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from allowing attackers with the operator.read scope to expose credentials, potentially leading to informati...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References4
OSV
OSV
added 2026/03/30 6:41 p.m.7 views

GHSA-68F8-9MHJ-H2MP OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The OpenAI-compatible HTTP endpoint /v1/models accepts bearer auth but does not enforce operator method scopes. In contrast, the WebSocket RPC path enforces operator.read for models.list. A caller connected with operator.approvals...

5.3CVSS5.9AI score0.00272EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/30 6:41 p.m.6 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the /v1/models HTTP endpoint, which does not enforce the required operator read scope. An attacker can access and enumerate model metadata by sending...

5.3CVSS5.8AI score0.00272EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/30 6:41 p.m.7 views

OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The OpenAI-compatible HTTP endpoint /v1/models accepts bearer auth but does not enforce operator method scopes. In contrast, the WebSocket RPC path enforces operator.read for models.list. A caller connected with operator.approvals...

5.3CVSS5.9AI score0.00272EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/29 3:46 p.m.3 views

GHSA-5JVJ-HXMH-6H6J OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope

Summary Gateway HTTP Session History Route Bypasses Operator Read Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details The HTTP /sessions/:sessionKey/histor...

5.3CVSS5.9AI score0.00232EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/29 3:46 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the /sessions/:sessionKey/history route, which failed to enforce the required operator.read scope during authentication. An attacker can access session history...

7.1CVSS5.9AI score0.00232EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/29 3:46 p.m.5 views

OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope

Summary Gateway HTTP Session History Route Bypasses Operator Read Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details The HTTP /sessions/:sessionKey/histor...

7.1CVSS5.9AI score0.00232EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/27 10:29 p.m.12 views

GHSA-FQW4-MPH7-2VR8 OpenClaw: Silent privilege escalation via gateway shared-auth reconnect

Summary Gateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verificati...

9.4CVSS5.9AI score0.00192EPSS
Exploits0References3
OSV
OSV
added 2026/02/19 10:55 p.m.5 views

CVE-2026-26326 OpenClaw skills.status could leak secrets to operator.read clients

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...

5.3CVSS5.6AI score0.00303EPSS
Exploits0References6
CVE
CVE
added 2026/02/19 10:55 p.m.27 views

CVE-2026-26326

CVE-2026-26326 affects the OpenClaw OpenClaw AI assistant. Before version 2026.2.14, the function skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for requires.config paths. The fix in 2026.2.14 stops including raw resolved conf...

5.3CVSS5.6AI score0.00303EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/19 10:55 p.m.3 views

CVE-2026-26326 OpenClaw skills.status could leak secrets to operator.read clients

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...

5.3CVSS5.6AI score0.00303EPSS
Exploits0References4
Rows per page
Query Builder