
7 matches found

EUVD
added 2026/03/19 10:7 p.m. | 6 views

EUVD-2026-13330

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

CVSS 7.5 | AI score 5.8 | EPSS 0.0011
Exploits 0 | References 2

OSV
added 2026/03/19 3:30 a.m. | 5 views

GHSA-44C9-4RG5-QJGQ Duplicate Advisory: web_search citation redirect SSRF via private-network-allowing policy

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-g99v-8hwm-g76g. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirec...

CVSS 7.4 | AI score 5.8 | EPSS 0.00184
Exploits 0 | References 3

Github Security Blog
added 2026/03/19 3:30 a.m. | 8 views

Duplicate Advisory: OpenClaw: system.run approvals did not bind PATH-token executable identity, enabling post-approval executable rebind

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-q399-23r3-hfx4. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv0 tokens in system.run...

CVSS 6.7 | AI score 5.9 | EPSS 0.00091
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2026/03/19 1:0 a.m. | 3 views

CVE-2026-31999 OpenClaw 2026.2.26 < 2026.3.1 - Current Working Directory Injection via Windows Wrapper Resolution Fallback

OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper shell execution...

CVSS 6.3 | AI score 6 | EPSS 0.00241
Exploits 0 | References 2

Cvelist
added 2026/03/19 1:0 a.m. | 26 views

CVE-2026-28461 OpenClaw < 2026.3.1 - Unbounded Memory Growth in Zalo Webhook via Query String Key Churn

OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo webhook endpoint that allows unauthenticated attackers to trigger in-memory key accumulation by varying query strings. Remote attackers can exploit this by sending repeated requests with different que...

CVSS 8.7 | EPSS 0.00354
Exploits 0 | References 2

CNNVD
added 2026/03/10 12:0 a.m. | 8 views

Misskey data forgery vulnerability

Misskey is an open-source, permanently free social media platform developed by Misskey. Versions of Misskey prior to 2026.3.1 had a data manipulation vulnerability, which stemmed from allowing bypasses of HTTP signature verification...

CVSS 7.5 | AI score 5.7 | EPSS 0.00148
Exploits 0 | References 1

Positive Technologies
added 2026/03/09 12:0 a.m. | 3 views

PT-2026-24121

Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 2026.3.1. Description: Misskey is a federated social media platform. All servers prior to version 2026.3.1 are susceptible to an issue that allows bypassing HTTP signature verification. This affects all servers, even...

CVSS 7.5 | AI score 5.8 | EPSS 0.00148
Exploits 0 | References 8