Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2026/04/28 6:10 p.m.2 views

CVE-2026-41403 OpenClaw < 2026.3.31 - Access Control Bypass via Proxied Remote Request Misclassification

OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests that are incorrectly identified as local loopback traffic,...

6.3CVSS5.2AI score0.00259EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 3:24 a.m.10 views

GHSA-3XV9-89FM-7H4R OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled

Summary diffs viewer misclassifies proxied remote requests as loopback when allowRemoteViewer is disabled Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 misclassified proxied diff-viewer requests as local loopback in some cases, a real but...

6.3CVSS5.8AI score0.00259EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/03 3:24 a.m.7 views

OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled

Summary diffs viewer misclassifies proxied remote requests as loopback when allowRemoteViewer is disabled Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 misclassified proxied diff-viewer requests as local loopback in some cases, a real but...

6.3CVSS5.9AI score0.00259EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder