Lucene search

58577 matches found

Chainguard, added 2026/04/11 2:18 a.m., 5 views

CVE-2026-32289 vulnerabilities

Vulnerabilities for packages: cluster-api, prometheus-pushgateway, cri-tools, caddy, cadvisor-fips, prometheus-statsd-exporter-fips, kubescape-server, kubernetes-dashboard-auth, azure-service-operator-fips, gomplate, virt-api, neuvector-sigstore-interface-fips, kubeflow-katib, grafana-pyroscope,...

CVSS 6.1, AI score 7.1, EPSS 0.0029, Exploits 0
Chainguard, added 2026/04/11 2:18 a.m., 7 views

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: caddy, kubescape-server, gomplate, kube-arangodb-fips, trivy-fips, vault-csi-provider, k8ssandra-client, prometheus-fips, harbor-fips, helm-push, knative-eventing, rke2-runtime, kube-fluentd-operator, cloud-provider-aws, mesosphere-vsphere-csi-fips,...

AI score 5.2, Exploits 0
Chainguard, added 2026/04/11 2:18 a.m., 4 views

CVE-2026-32280 vulnerabilities

Vulnerabilities for packages: dragonfly-operator-fips, nodetaint, cluster-api, prometheus-pushgateway, cri-tools, caddy, cadvisor-fips, prometheus-statsd-exporter-fips, kubescape-server, kubernetes-dashboard-auth, azure-service-operator-fips, gomplate, virt-api, neuvector-sigstore-interface-fips,...

CVSS 7.5, AI score 7.3, EPSS 0.00371, Exploits 0
Chainguard, added 2026/04/11 2:18 a.m., 8 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: dragonfly-operator-fips, nodetaint, cluster-api, prometheus-pushgateway, cri-tools, caddy, cadvisor-fips, prometheus-statsd-exporter-fips, kubescape-server, kubernetes-dashboard-auth, azure-service-operator-fips, gomplate, virt-api, neuvector-sigstore-interface-fips,...

CVSS 7.5, AI score 7.1, EPSS 0.00449, Exploits 0
Chainguard, added 2026/04/11 2:18 a.m., 6 views

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: dragonfly-operator-fips, prometheus-pushgateway, cadvisor-fips, kubescape-server, gomplate, rancher-security-scan-fips, pdfcpu, db-operator-fips, aws-sigv4-proxy-fips, knative-eventing, zabbix-agent2, kserve-modelmesh-serving, dcgm-exporter, nats-fips, falcoctl,...

AI score 5.2, Exploits 0
Chainguard, added 2026/04/11 2:18 a.m., 4 views

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: dragonfly-operator-fips, nodetaint, cluster-api, prometheus-pushgateway, cri-tools, caddy, cadvisor-fips, prometheus-statsd-exporter-fips, kubescape-server, kubernetes-dashboard-auth, azure-service-operator-fips, gomplate, virt-api, neuvector-sigstore-interface-fips,...

AI score 5.2, Exploits 0
Chainguard, added 2026/04/11 2:18 a.m., 3 views

GHSA-GJVH-7JH8-7XHM vulnerabilities

Vulnerabilities for packages: dragonfly-operator-fips, nodetaint, cluster-api, prometheus-pushgateway, cri-tools, caddy, cadvisor-fips, prometheus-statsd-exporter-fips, kubescape-server, kubernetes-dashboard-auth, azure-service-operator-fips, gomplate, virt-api, neuvector-sigstore-interface-fips,...

AI score 5.2, Exploits 0
RedhatCVE, added 2026/04/10 7:22 p.m., 4 views

CVE-2026-39961

Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...

CVSS 6.8, AI score 5.8, EPSS 0.00394, Exploits 0, References 1
EUVD, added 2026/04/10 5:22 p.m., 2 views

EUVD-2026-20965

Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource...

CVSS 6.8, AI score 5.8, EPSS 0.00394, Exploits 0, References 4
OSV, added 2026/04/10 5:22 p.m., 2 views

GHSA-99J8-WV67-4C72 Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Impact: A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and write...

CVSS 6.8, AI score 5.8, EPSS 0.00394, Exploits 0, References 5
Github Security Blog, added 2026/04/10 5:22 p.m., 2 views

Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Impact: A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and write...

CVSS 6.8, AI score 5.8, EPSS 0.00394, Exploits 0, References 5, Affected Software 1
NVD, added 2026/04/10 5:17 p.m., 5 views

CVE-2026-35669

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

CVSS 8.8, EPSS 0.00298, Exploits 0, References 3
NVD, added 2026/04/10 5:17 p.m., 4 views

CVE-2026-35660

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...

CVSS 8.1, EPSS 0.00272, Exploits 0, References 4
NVD, added 2026/04/10 5:17 p.m., 4 views

CVE-2026-35657

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...

CVSS 7.1, EPSS 0.00232, Exploits 0, References 3
NVD, added 2026/04/10 5:17 p.m., 7 views

CVE-2026-35620

OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce...

CVSS 5.4, EPSS 0.00442, Exploits 1, References 6
NVD, added 2026/04/10 5:17 p.m., 2 views

CVE-2026-35621

OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to build an internal...

CVSS 7.1, EPSS 0.00264, Exploits 1, References 2
NVD, added 2026/04/10 5:17 p.m., 1 view

CVE-2026-35619

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

CVSS 5.3, EPSS 0.00272, Exploits 0, References 3
CVE, added 2026/04/10 4:3 p.m., 17 views

CVE-2026-35669

OpenClaw is affected prior to version 2026.3.25. The vulnerability resides in the gateway-authenticated plugin HTTP routes, where the system incorrectly mints operator.admin runtime scope regardless of caller-granted scopes. This scope boundary bypass can allow an attacker to escalate privileges ...

CVSS 8.8, AI score 5.8, EPSS 0.00298, Exploits 0, References 3, Affected Software 1
Cvelist, added 2026/04/10 4:3 p.m., 24 views

CVE-2026-35669 OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

CVSS 8.8, EPSS 0.00298, Exploits 0, References 3
EUVD, added 2026/04/10 4:3 p.m., 3 views

EUVD-2026-21484

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform...

CVSS 8.8, AI score 5.8, EPSS 0.00298, Exploits 0, References 3