CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/12 9:56 p.m.•28 views

CVE-2026-53825 OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope

7.1CVSS0.00375EPSS

Positive Technologies•added 2026/06/12 12:0 a.m.•13 views

PT-2026-49029

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.7 Description The memory-wiki ingest feature allows authenticated Gateway operators with operator.write scope to read local files outside of the intended ingest sources. By specifying arbitrary local file path...

7.1CVSS5.4AI score0.00375EPSS

Exploits0References5

Positive Technologies•added 2026/05/06 12:0 a.m.•8 views

PT-2026-38234

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description Insufficient access control in the Nostr plugin HTTP profile routes allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with...

6.5CVSS5.8AI score0.00218EPSS

Exploits0References6

RedhatCVE•added 2026/04/29 8:48 p.m.•5 views

CVE-2026-42426

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairi...

8.8CVSS5.3AI score0.00282EPSS

Exploits0References1

NVD•added 2026/04/28 7:37 p.m.•4 views

CVE-2026-42426

8.8CVSS0.00282EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•7 views

PT-2026-35804

8.8CVSS5.2AI score0.00282EPSS

Exploits0References4

ATTACKERKB•added 2026/04/10 4:3 p.m.•3 views

CVE-2026-35620

OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce...

5.4CVSS5.9AI score0.00442EPSS

Exploits1References7

Vulnrichment•added 2026/04/10 4:3 p.m.•3 views

CVE-2026-35621 OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence

OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to build an internal...

7.1CVSS5.8AI score0.00264EPSS

Exploits1References2

CNNVD•added 2026/04/10 12:0 a.m.•4 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from the /allowlist command not revalidating the gateway client scope for internal callers. This could allow...

7.1CVSS5.8AI score0.00264EPSS

Exploits1References2

CNNVD•added 2026/04/10 12:0 a.m.•7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authorization checks in the /send and /allowlist chat command processors. As a result,...

5.4CVSS5.8AI score0.00442EPSS

Exploits1References6

Snyk•added 2026/04/09 5:36 p.m.•2 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management via the node.pair.approve function being assigned to the broader operator.write scope instead of the intended operator.pairing scope. An attacker can gain...

8.8CVSS5.8AI score0.00282EPSS

Github Security Blog•added 2026/04/09 5:36 p.m.•7 views

OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval

Impact OpenClaw node.pair.approve placed in operator.write scope instead of operator.pairing allows unprivileged pairing approval. The pairing approval method accepted operator.write instead of the narrower pairing scope and admin requirement for exec-capable nodes. OpenClaw is a user-controlled...

8.8CVSS5.9AI score0.00282EPSS

Exploits0References5Affected Software1

CVE•added 2026/03/29 12:44 p.m.•9 views

CVE-2026-32919

Affected software : OpenClaw prior to 2026.3.11. Issue : authorization bypass allows write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can trigger agent requests containing /new or /reset slash commands to reset targeted conversation state without o...

6.9CVSS5.9AI score0.00096EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/03/26 3:2 p.m.•3 views

CVE-2026-32051

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...

EUVD•added 2026/03/21 3:31 a.m.•5 views

Exploits0References1

EUVD-2026-13949

Vulnrichment•added 2026/03/21 12:42 a.m.•4 views

CVE-2026-32051 OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access

ATTACKERKB•added 2026/03/21 12:42 a.m.•5 views

CVE-2026-32051

CNNVD•added 2026/03/21 12:0 a.m.•4 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated caller with operator.write scope to invoke the owner-only tool interface...