Lucene search
+L

13 matches found

EUVD
EUVD
added 2026/05/11 6:31 p.m.13 views

EUVD-2026-29146

OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...

7.1CVSS5.8AI score0.00218EPSS
Exploits0References4
NVD
NVD
added 2026/05/11 6:16 p.m.36 views

CVE-2026-45001

OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...

7.1CVSS0.00218EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 4:46 p.m.8 views

CVE-2026-45001 OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access

OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...

7.1CVSS5.8AI score0.00218EPSS
Exploits0References3
OSV
OSV
added 2026/05/11 4:46 p.m.4 views

CVE-2026-45001 OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access

OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...

6CVSS6AI score0.00218EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from security bypasses in the proxy’s config.patch and config.apply endpoints, which failed to protect...

7.1CVSS5.8AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.25 views

PT-2026-39690

OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...

7.1CVSS5.8AI score0.00218EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/25 11:51 p.m.7 views

Insufficient Granularity of Access Control

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via insufficient access control in the gateway config.patch and config.apply processes. An attacker can modify protected operator settings by...

7.1CVSS5.5AI score0.00218EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/25 11:51 p.m.48 views

OpenClaw: Agent gateway config mutations could change protected operator settings

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The agent-facing gateway config.patch / config.apply guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook...

5.4AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/04/25 11:51 p.m.8 views

NPM: OpenClaw: Agent gateway config mutations could change protected operator settings

NPM: OpenClaw: Agent gateway config mutations could change protected operator settings vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

5.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/25 11:51 p.m.10 views

GHSA-7JM2-G593-4QRC OpenClaw: Agent gateway config mutations could change protected operator settings

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The agent-facing gateway config.patch / config.apply guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook...

6CVSS5.8AI score0.00218EPSS
Exploits0References3
Microsoft KB
Microsoft KB
added 2024/09/24 12:0 a.m.8 views

September 24, 2024—KB5043131 (OS Build 19045.4957) Preview

None None...

6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2024/08/29 12:0 a.m.6 views

August 29, 2024—KB5041582 (OS Build 19045.4842) Preview

None None...

6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2024/06/28 12:0 a.m.6 views

June 28, 2024—KB5039304 (OS Build 26100.1000) Preview

None None...

6.1AI score
Exploits0
Rows per page
Query Builder