Github Security Blog
added 2026/03/27 10:29 p.m. | 7 views

OpenClaw: Silent privilege escalation via gateway shared-auth reconnect

Summary: Gateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reaches node RCE. Affected Packages / Versions: Package: openclaw; Affected versions: = 2026.3.24; First patched version: 2026.3.25; Latest published npm version at verificati...

AI score 5.9
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2026/03/27 10:29 p.m. | 1 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the backend reconnect process. An attacker can escalate privileges by reconnecting with non-admin operator scopes and self-claiming higher privileges such as...

CVSS 9.6 | AI score 5.9 | EPSS 0.00276
Exploits 0 | References 3
OSV
added 2026/03/27 10:29 p.m. | 1 views

GHSA-9HJH-FR4F-GXC4 OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Summary: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin. Affected Packages / Versions: Package: openclaw; Affected versions: = 2026.3.24; First patched version: 2026.3.25; Latest published npm version at verification time: 2026.3.24. Details: Backend-labeled...

CVSS 9.3 | AI score 5.9 | EPSS 0.00276
Exploits 0 | References 3
Github Security Blog
added 2026/03/27 10:29 p.m. | 4 views

OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Summary: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin. Affected Packages / Versions: Package: openclaw; Affected versions: = 2026.3.24; First patched version: 2026.3.25; Latest published npm version at verification time: 2026.3.24. Details: Backend-labeled...

CVSS 8.8 | AI score 5.9 | EPSS 0.00276
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2026/03/27 10:28 p.m. | 7 views

OpenClaw: Gateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding

Summary: Gateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding. Details: The HTTP route previously treated any bearer-authenticated request as admin-eligible and could call without binding the action to requester ownership or caller-granted operator scopes. Th...

AI score 6
Exploits 0 | References 3 | Affected Software 1
IBM Security Bulletins
added 2026/03/27 6:03 p.m. | 6 views

Security Bulletin: Operator for IBM DataPower Gateway vulnerable to Denial of Service

Summary: This vulnerability can allow an invalid DNS response to cause an operator crash. Vulnerability Details: CVEID: CVE-2026-25518. DESCRIPTION: cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and...

CVSS 5.9 | AI score 5.8 | EPSS 0.00349
Exploits 0 | Affected Software 1
Wolfi
added 2026/03/27 7:48 a.m. | 7 views

GHSA-HXV8-4J4R-CQGV vulnerabilities

Vulnerabilities for packages: kubescape-operator, hubble-ui, hubble, kubescape...

AI score 5.8
Exploits 0
Wolfi
added 2026/03/27 7:48 a.m. | 7 views

CVE-2026-33726 vulnerabilities

Vulnerabilities for packages: kubescape-operator, hubble-ui, hubble, kubescape...

CVSS 5.4 | AI score 6.3 | EPSS 0.00244
Exploits 0
Chainguard
added 2026/03/27 7:17 a.m. | 6 views

GHSA-HXV8-4J4R-CQGV vulnerabilities

Vulnerabilities for packages: kubescape-server, kubescape-operator-fips, hubble-ui, hubble, kubescape-server-fips, kubescape, hubble-ui-backend-fips, kubescape-operator, hubble-fips...

AI score 5.8
Exploits 0
Chainguard
added 2026/03/27 7:17 a.m. | 3 views

CVE-2026-33726 vulnerabilities

Vulnerabilities for packages: kubescape-server, kubescape-operator-fips, hubble-ui, hubble, kubescape-server-fips, kubescape, hubble-ui-backend-fips, kubescape-operator, hubble-fips...

CVSS 5.4 | AI score 6.3 | EPSS 0.00244
Exploits 0
Positive Technologies
added 2026/03/27 12:00 a.m. | 0 views

PT-2026-31980

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.25. Description: The software contains a privilege escalation issue in gateway-authenticated plugin HTTP routes. The issue incorrectly assigns operator.admin runtime scope, bypassing caller-granted scopes. This...

CVSS 8.8 | AI score 5.8 | EPSS 0.00298
Exploits 0 | References 10
CVE
added 2026/03/26 9:48 p.m. | 7 views

CVE-2025-12805

CVE-2025-12805 describes a flaw in Red Hat OpenShift AI (RHOAI) llama-stack-operator where Llama Stack services deployed in different namespaces can be accessed via direct network requests because no NetworkPolicy restricts the llama-stack service endpoint. This allows a user in one namespace to ...

CVSS 8.1 | AI score 7 | EPSS 0.00383
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2026/03/26 9:48 p.m. | 22 views

CVE-2025-12805 Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...

CVSS 8.1 | EPSS 0.00383
Exploits 1 | References 4
ATTACKERKB
added 2026/03/26 9:48 p.m. | 1 views

CVE-2025-12805

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...

CVSS 8.1 | AI score 7 | EPSS 0.00383
Exploits 1 | References 5
Vulnrichment
added 2026/03/26 9:48 p.m. | 2 views

CVE-2025-12805 Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...

CVSS 8.1 | AI score 7 | EPSS 0.00383
Exploits 1 | References 4
OSV
added 2026/03/26 9:40 p.m. | 1 views

GHSA-HF68-49FM-59CQ OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve

Summary: device.pair.approve allowed an operator.pairing approver to approve a pending device request for broader operator scopes than the approver actually held. Affected Packages / Versions: Package: openclaw (npm); Affected: = 2026.3.22; Latest released tag checked: v2026.3.23-2...

CVSS 9.4 | AI score 5.9 | EPSS 0.00458
Exploits 0 | References 6
Github Security Blog
added 2026/03/26 9:40 p.m. | 9 views

OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve

Summary: device.pair.approve allowed an operator.pairing approver to approve a pending device request for broader operator scopes than the approver actually held. Affected Packages / Versions: Package: openclaw (npm); Affected: = 2026.3.22; Latest released tag checked: v2026.3.23-2...

CVSS 8.8 | AI score 5.8 | EPSS 0.00458
Exploits 0 | References 6 | Affected Software 1
OSV
added 2026/03/26 9:24 p.m. | 3 views

GHSA-3W6X-GV34-MQPF OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement

Summary: Mutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions. Affected Packages / Versions: Package: openclaw (npm); Affected: = 2026.3.22; Latest released tag checked: v2026.3.23-2...

CVSS 7.1 | AI score 5.9
Exploits 0 | References 3
Github Security Blog
added 2026/03/26 9:24 p.m. | 4 views

OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement

Summary: Mutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions. Affected Packages / Versions: Package: openclaw (npm); Affected: = 2026.3.22; Latest released tag checked: v2026.3.23-2...

AI score 5.8
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2026/03/26 7:00 p.m. | 3 views

Missing Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authorization in the agent process when the /reset or /new endpoints are accessed with only operator.write permissions. An attacker can gain unauthorized administrative access by...

CVSS 8.1 | AI score 5.9 | EPSS 0.00272
Exploits 0 | References 2