
58578 matches found

ATTACKERKB
added 2026/04/09 9:26 p.m. | views: 1

CVE-2026-35625

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

CVSS 8.5 | AI score 6.5 | EPSS 0.00192
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/09 9:26 p.m. | views: 3

CVE-2026-35625 OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

CVSS 8.5 | AI score 6.4 | EPSS 0.00192
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/09 9:26 p.m. | views: 1

CVE-2026-34512

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticat...

CVSS 8.1 | AI score 6.1 | EPSS 0.00339
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/09 7:43 p.m. | views: 1

CVE-2026-40089 Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client

Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...

CVSS 9.9 | AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/09 7:43 p.m. | views: 0

CVE-2026-40089

Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...

CVSS 9.9 | AI score 6 | EPSS 0.00232
Exploits: 0 | References: 2

NVD
added 2026/04/09 6:17 p.m. | views: 4

CVE-2026-39961

Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...

CVSS 6.8 | EPSS 0.00394
Exploits: 0 | References: 3

Github Security Blog
added 2026/04/09 5:36 p.m. | views: 6

OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`

Impact Gateway plugin HTTP auth: gateway widens identity-bearing operator.read requests into runtime operator.write. Plugin HTTP routes using gateway auth could receive runtime write scopes even when the upstream trusted-proxy request only declared read. OpenClaw is a user-controlled local...

CVSS 7.1 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/04/09 5:36 p.m. | views: 2

GHSA-4F8G-77MW-3RXC OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`

Impact Gateway plugin HTTP auth: gateway widens identity-bearing operator.read requests into runtime operator.write. Plugin HTTP routes using gateway auth could receive runtime write scopes even when the upstream trusted-proxy request only declared read. OpenClaw is a user-controlled local...

CVSS 7.1 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 5

Snyk
added 2026/04/09 5:36 p.m. | views: 2

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management via the node.pair.approve function being assigned to the broader operator.write scope instead of the intended operator.pairing scope. An attacker can gain...

CVSS 8.8 | AI score 5.8 | EPSS 0.00282
Exploits: 0 | References: 2

Github Security Blog
added 2026/04/09 5:36 p.m. | views: 6

OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval

Impact OpenClaw node.pair.approve placed in operator.write scope instead of operator.pairing allows unprivileged pairing approval. The pairing approval method accepted operator.write instead of the narrower pairing scope and admin requirement for exec-capable nodes. OpenClaw is a user-controlled...

CVSS 8.8 | AI score 5.9 | EPSS 0.00282
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/04/09 5:35 p.m. | views: 3

GHSA-5WJ5-87VQ-39XM OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement

Impact Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement. A previously paired node could reconnect with a broader command set, including exec-capable commands, without forcing the operator/admin re-pairing path. OpenClaw is a user-controlled local assistant. This...

CVSS 7.8 | AI score 5.8 | EPSS 0.00131
Exploits: 0 | References: 5

Github Security Blog
added 2026/04/09 5:35 p.m. | views: 6

OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement

Impact Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement. A previously paired node could reconnect with a broader command set, including exec-capable commands, without forcing the operator/admin re-pairing path. OpenClaw is a user-controlled local assistant. This...

CVSS 7.8 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/04/09 5:14 p.m. | views: 20

CVE-2026-39961 Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...

CVSS 6.8 | EPSS 0.00394
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/09 5:14 p.m. | views: 2

CVE-2026-39961

Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...

CVSS 6.8 | AI score 5.9 | EPSS 0.00394
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2026/04/09 5:14 p.m. | views: 8

CVE-2026-39961

CVE-2026-39961 (Aiven Operator) affects Aiven Operator versions 0.31.0–0.36.x. A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any namespace. The operator reads the victim’s secret using its ClusterRole (aiven-operator-role) and writes ...

CVSS 6.8 | AI score 5.9 | EPSS 0.00394
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/04/09 4:14 p.m. | views: 1

EUVD-2026-20954

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'usergroupid' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...

CVSS 2.3 | AI score 6 | EPSS 0.00208
Exploits: 1 | References: 3

Wolfi
added 2026/04/09 1:48 p.m. | views: 9

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: tflint, kine, sops, wolfictl, grafana-mimir, grype, dkron, grafana-pyroscope, openbao, ratify, sftpgo-plugin-kms, spicedb, vault-secrets-webhook, dgraph, gomplate, temporal-server, metrics-server, pulumi-language-java, kubernetes-csi-external-provisioner, k8sgpt,...

AI score 5.2
Exploits: 0

Chainguard
added 2026/04/09 1:18 p.m. | views: 5

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-streamanalytics, fulcio-fips, azure-workload-identity-webhook, nginx-kubernetes-ingress, neuvector-sigstore-interface, cortex, omni-fips, crossplane-provider-family-aws, gitlab-cng-fips, cass-operator-fips-no-pvc-delete, grype-db,...

AI score 5.2
Exploits: 0

Chainguard
added 2026/04/09 1:18 p.m. | views: 8

CVE-2026-39883 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-streamanalytics, fulcio-fips, azure-workload-identity-webhook, nginx-kubernetes-ingress, neuvector-sigstore-interface, cortex, omni-fips, crossplane-provider-family-aws, gitlab-cng-fips, cass-operator-fips-no-pvc-delete, grype-db,...

CVSS 7.3 | AI score 7.1 | EPSS 0.00196
Exploits: 1

OSV
added 2026/04/09 1:0 a.m. | views: 1

CLEANSTART-2026-SQ18258 url

Multiple security vulnerabilities affect the minio-operator-fips package. url. See references for individual vulnerability details...

CVSS 9.8 | AI score 7 | EPSS 0.00789
Exploits: 2 | References: 22