CVE-2026-4148 ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline...

CVE-2026-4148

A use-after-free vulnerability (CVE-2026-4148) affects MongoDB in sharded clusters, triggered by an authenticated user with read role issuing a specially crafted $lookup or $graphLookup aggregation. The linked OSV entry cites the failure in ExpressionContext within the classic engine as the root ...

Important: Red Hat Security Advisory: Cluster Observability Operator 1.4.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.4 release of COO...

PT-2026-25907

Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description A use-after-free issue can occur in sharded clusters when a user with read access submits a specifically designed aggregation pipeline using either the $lookup or $graphLookup operator...

ALPINE-CVE-2026-3644

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

CVE-2026-3644

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

Security Bulletin: Due to the use of Python setuptools IBM Foundationdb Operator is vulunerable for denial of service attack

Summary IBM Database Operator for FoundationDB contains Python setuptools internally CVE-2022-40897 Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package o...

Security Bulletin: Due to use of golang.org/x/text, IBM Database Operator for Foundationdb is vulnerable to denial of service attack.

Summary IBM Database Operator for FoundationDB contains golang.org/x/text internally CVE-2021-38561 Vulnerability Details CVEID:CVE-2021-38561 DESCRIPTION: golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index...

BIT-PARSE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier...

Malicious code in syntax-exponentiation-operator (npm)

The package 'syntax-exponentiation-operator' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1532 Malicious code in syntax-exponentiation-operator (npm)

The package 'syntax-exponentiation-operator' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

GHSA-2RQG-GJGV-84JM OpenClaw: Gateway `agent` calls could override the workspace boundary

Summary The public gateway agent RPC allowed an authenticated operator with operator.write to supply attacker-controlled spawnedBy and workspaceDir values. That let the caller re-root the agent run outside its configured workspace boundary. Impact A non-owner operator could escape the intended...

GHSA-VMHQ-CQM9-6P7Q OpenClaw: `browser.request` let `operator.write` persist admin-only browser profile changes

Summary An authorization mismatch in the gateway let an authenticated caller with only operator.write use browser.request to reach browser profile management routes that persist configuration to disk. In practice, this exposed an admin-only configuration write primitive through /profiles/create...

OpenClaw: `browser.request` let `operator.write` persist admin-only browser profile changes

Summary An authorization mismatch in the gateway let an authenticated caller with only operator.write use browser.request to reach browser profile management routes that persist configuration to disk. In practice, this exposed an admin-only configuration write primitive through /profiles/create...

PT-2026-26620

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.12 Description OpenClaw contains an authorization bypass issue in the WebSocket connect path. This flaw allows shared-token or password-authenticated connections to self-declare elevated scopes, such as...

CVE-2026-32302 OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode

OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted rever...

CVE-2026-32302 OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode

OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted rever...

CVE-2026-32302 OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode

OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted rever...

CVE-2026-32302

CVE-2026-32302 affects OpenClaw. In versions before 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode = trusted-proxy and the request carried proxy headers, allowing an untrusted-origin page to connect through a trusted reverse proxy and obt...

EUVD-2026-11717

OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode...