Lucene search
K

5 matches found

NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-53816

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway,...

8.6CVSS0.00342EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:9 p.m.9 views

CVE-2026-53816 OpenClaw < 2026.5.18 - Exec Lifecycle Event Forgery via Paired Node

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway,...

8.6CVSS5.2AI score0.00342EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:9 p.m.29 views

CVE-2026-53816

OpenClaw before 2026.5.18 is affected by an insufficient provenance validation vulnerability in node event handling. A malicious or compromised paired node can send crafted node.event messages to the gateway, allowing forging of exec lifecycle events and steering target sessions into exec-event p...

8.6CVSS5.5AI score0.00342EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/11 8:9 p.m.8 views

EUVD-2026-36322

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway,...

8.6CVSS5.5AI score0.00342EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 8:43 p.m.15 views

@hulumi/drift: Orphan reconciler accepted externally supplied execute plans

Impact: @hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation input to be treated as trusted. Patched in 1.3.2: execute-plan handling now validates provenance and rejects untrusted plans, with...

5.9AI score
Exploits0References2Affected Software1
Rows per page
Query Builder