Lucene search
+L

36 matches found

ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.17 views

PT-2026-45601

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in multiple locations allows for the bypass of user interaction during the pairing of an LE Low Energy device. This flaw enables remote escalation of privilege for an adjacent...

8CVSS6AI score0.00121EPSS
Exploits0References3
veracode
veracode
added 2026/05/16 5:8 a.m.6 views

Privilege Escalation

OpenClaw is vulnerable to privilege escalation. The vulnerability is due to improper authorization in the node reconnection process, which allows an attacker using a previously paired node to bypass re-pairing authentication and execute privileged commands on the local assistant system...

7.8CVSS6AI score0.00131EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/04/28 6:10 p.m.5 views

CVE-2026-42432 OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system...

7.8CVSS5.9AI score0.00131EPSS
Exploits0References3
osv
osv
added 2026/04/10 4:3 p.m.4 views

CVE-2026-35664 OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks

OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization...

6.9CVSS6AI score0.00276EPSS
Exploits0References5
cvelist
cvelist
added 2026/04/10 4:3 p.m.29 views

CVE-2026-35663 OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS0.00276EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/10 4:3 p.m.2 views

CVE-2026-35663

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References4
osv
osv
added 2026/04/10 4:3 p.m.5 views

CVE-2026-35661 OpenClaw < 2026.3.25 - Telegram DM-Scoped Inline Button Callback Authorization Bypass

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct messages to bypas...

6.9CVSS6AI score0.00285EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/10 12:0 a.m.9 views

PT-2026-31972

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct messages to bypas...

6.9CVSS5.8AI score0.00285EPSS
Exploits0References4
euvd
euvd
added 2026/03/21 3:31 a.m.5 views

EUVD-2026-13933

OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present...

8.8CVSS5.8AI score0.00439EPSS
Exploits0References4
nvd
nvd
added 2026/03/21 1:17 a.m.4 views

CVE-2026-32042

OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present...

8.8CVSS0.00439EPSS
Exploits0References3
osv
osv
added 2026/03/21 12:42 a.m.6 views

CVE-2026-32057 OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter

OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui...

6CVSS6.1AI score0.00335EPSS
Exploits0References5
cve
cve
added 2026/03/21 12:42 a.m.31 views

CVE-2026-32042

OpenClaw version set

8.8CVSS5.8AI score0.00439EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/03/21 12:42 a.m.6 views

CVE-2026-32042 OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication

OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present...

8.7CVSS5.9AI score0.00439EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/03/21 12:0 a.m.7 views

PT-2026-26725

OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers with valid shared gateway authentication can present...

8.8CVSS5.8AI score0.00439EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/03/21 12:0 a.m.8 views

PT-2026-26739

OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui...

6CVSS5.9AI score0.00335EPSS
Exploits0References4
cnvd
cnvd
added 2026/03/12 12:0 a.m.8 views

OpenClaw Access Control Error Vulnerability (CNVD-2026-13595)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from the gateway WebSocket connection handshake allowing device identity checks to be skipped when auth.token is present but not verified, which can be...

9.8CVSS5.7AI score0.00357EPSS
Exploits0References1
github
github
added 2026/03/03 9:52 p.m.9 views

OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions

Summary A trusted-proxy Control UI pairing bypass accepted client.id=control-ui without device identity checks. The bypass did not require operator role, so an authenticated node role session could connect unpaired and reach node event methods. Impact With trusted-proxy authentication enabled, a...

8.1CVSS6.1AI score0.00335EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/03/03 9:52 p.m.4 views

GHSA-VVGP-4C28-M3JM OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions

Summary A trusted-proxy Control UI pairing bypass accepted client.id=control-ui without device identity checks. The bypass did not require operator role, so an authenticated node role session could connect unpaired and reach node event methods. Impact With trusted-proxy authentication enabled, a...

7.1CVSS6.1AI score0.00335EPSS
Exploits0References5
osv
osv
added 2026/03/03 9:39 p.m.7 views

GHSA-553V-F69R-656J OpenClaw unpaired device identity can bypass operator pairing and self-assign operator scopes with shared auth

Summary A client using shared gateway auth could attach an unpaired device identity and request elevated operator scopes including operator.admin before pairing approval, enabling privilege escalation. Impact Attackers with valid shared gateway auth could self-assign higher operator scopes by...

5.3CVSS5.9AI score0.00439EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19417

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00256EPSS
Exploits0References2
Rows per page
Query Builder