Lucene search
K

1314 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.42 views

PT-2026-50223

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS5.6AI score0.00094EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 9:31 p.m.5 views

GHSA-WRMQ-9FC4-GWWJ Duplicate Advisory: Pairing-scoped device session could restore revoked node token authority

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q99w-vh6v-q3v7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device...

8.8CVSS5.3AI score0.00275EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/16 7:17 p.m.8 views

kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...

8.8CVSS5.8AI score0.00262EPSS
Exploits0References5
NVD
NVD
added 2026/06/16 7:17 p.m.12 views

CVE-2026-53862

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits...

5.4CVSS0.00088EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 7:17 p.m.20 views

CVE-2026-53852

OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope se...

5.4CVSS0.00206EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 7:17 p.m.12 views

CVE-2026-53843

OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation...

8.8CVSS0.00275EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/16 6:39 p.m.8 views

kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...

8.8CVSS5.8AI score0.00262EPSS
Exploits0References5
CVE
CVE
added 2026/06/16 6:5 p.m.27 views

CVE-2026-53862

OpenClaw prior to 2026.5.12 is affected by a bootstrap token replay vulnerability that allows callers with pending token access to reuse tokens for broader scopes, potentially escalating pairing authority before approval. The issue is described in the CVE as allowing bootstrap tokens to be replay...

5.4CVSS5.3AI score0.00088EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/16 6:5 p.m.33 views

CVE-2026-53852

OpenClaw is affected by a scope containment bypass vulnerability (CVE-2026-53852) present prior to version 2026.4.25. The issue allows authenticated operators to bypass containment by submitting empty-scope device re-pairing requests, enabling them to restore broader scopes and retain unauthorize...

5.4CVSS5.3AI score0.00206EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/16 6:4 p.m.31 views

CVE-2026-53843

OpenClaw prior to 2026.5.26 contains an authorization bypass where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation controls and al...

8.8CVSS5.3AI score0.00275EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49760

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description An authorization bypass exists where a surviving pairing-scoped device session can re-establish node token authority after the token has been revoked. This allows a previously paired device to...

8.8CVSS5.2AI score0.00275EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-49769

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A scope containment bypass exists in the device re-pairing process. Authenticated operators can restore or retain broader scopes than intended by submitting re-pairing requests with empty scope...

5.4CVSS5.2AI score0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36626

OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval...

9.8CVSS5.2AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.18 views

EUVD-2026-36609

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...

8.8CVSS5.4AI score0.00289EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 10:16 p.m.12 views

CVE-2026-53838

OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval...

9.8CVSS0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:57 p.m.8 views

CVE-2026-53838 OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection

OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval...

9.8CVSS5.2AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:57 p.m.37 views

CVE-2026-53838 OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection

OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers can exploit reconnection logic to restore or present broader node authority than intended, potentially bypassing approval...

9.8CVSS0.00221EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:57 p.m.40 views

CVE-2026-53838

OpenClaw is affected by a state mutation vulnerability in node pairing reconnection prior to version 2026.5.27. The issue lets paired nodes confuse approval scope decisions by manipulating reconnection logic, potentially restoring or presenting broader node authority than intended and bypassing a...

9.8CVSS5.3AI score0.00221EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.33 views

CVE-2026-53821 OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...

8.8CVSS0.00289EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.9 views

CVE-2026-53821 OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...

8.8CVSS5.4AI score0.00289EPSS
Exploits0References2
Rows per page
Query Builder