Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.7 views

CVE-2026-53825 OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

7.1CVSS5.4AI score0.00375EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.21 views

CVE-2026-53825

OpenClaw prior to 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature. Authenticated Gateway operators with operator.write scope can specify arbitrary local file paths to import content into wiki memory, bypassing access restrictions and reading local files ou...

7.1CVSS5.4AI score0.00375EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/04/17 10:15 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the operator.write message-tool. An attacker can modify persistent Matrix profile configuration without proper authorization by sending crafted requests throug...

7.6CVSS5.7AI score0.00295EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:0 p.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through the operator.write configuration. An attacker can modify and persist unauthorized profile configurations by sending crafted HTTP requests to affected...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References3
Rows per page
Query Builder