
7292 matches found

Github Security Blog
added 2026/04/17 9:50 p.m. | views: 1

OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay

Summary Delivery queue recovery could lose group tool-policy context for media replay. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 = 2026.4.14 Impact Recovered queued outbound media could be replayed without the original session context neede...

CVSS 6.5 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 6 | Affected Software: 1
Snyk
added 2026/04/17 9:50 p.m. | views: 2

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the delivery queue recovery. An attacker can bypass group tool-policy enforcement for media replay by replaying recovered queued outbound media without the origin...

CVSS 6.5 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 2
Snyk
added 2026/04/17 9:35 p.m. | views: 2

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization when handling collect-mode queue batches, where messages from different senders could be processed together using the authorization context of the final sender. An...

CVSS 8.1 | AI score 5.7 | EPSS 0.00026
Exploits: 0 | References: 2
OSV
added 2026/04/17 9:35 p.m. | views: 1

GHSA-JWRQ-8G5X-5FHM OpenClaw: Collect-mode queue batches could reuse the last sender authorization context

Summary Collect-mode queue batches could reuse the last sender authorization context. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Collect-mode queued messages from different senders could be drained as one batch using the final sender'...

CVSS 6.8 | AI score 5.7 | EPSS 0.00026
Exploits: 0 | References: 6
Github Security Blog
added 2026/04/17 9:35 p.m. | views: 7

OpenClaw: Collect-mode queue batches could reuse the last sender authorization context

Summary Collect-mode queue batches could reuse the last sender authorization context. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Collect-mode queued messages from different senders could be drained as one batch using the final sender'...

CVSS 8.1 | AI score 5.7 | EPSS 0.00026
Exploits: 0 | References: 6 | Affected Software: 1
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 2

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007279)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007279 advisory. In the Linux kernel, the following vulnerability has been resolved: iavf: free qvectors before queues in iavfdisablevf iavffreequeues clears adapter-numactivequeues,...

CVSS 5.5 | AI score 6 | EPSS 0.00018
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 0

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007362)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007362 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix kernel NULL pointer dereference error When rxequeueinit in the function rxeqpinitre...

AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 3

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007244 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedrcreateuserqp error flow Avoid the following warning by making sure to free the...

CVSS 5.5 | AI score 6.3 | EPSS 0.00003
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 0

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: cups (UTSA-2026-010665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010665 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a...

CVSS 7.5 | AI score 6.1 | EPSS 0.00026
Exploits: 1 | References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 6

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007394)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007394 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187stop move the call of...

CVSS 5.5 | AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 1

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007590)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007590 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cmid...

CVSS 9.8 | AI score 6.3 | EPSS 0.00087
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 0

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007463)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007463 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from...

CVSS 5.5 | AI score 6.2 | EPSS 0.00023
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 2

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007229)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007229 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program...

CVSS 5.5 | AI score 6.3 | EPSS 0.00006
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 1

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007539)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007539 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: Fix hung when signal interrupts nbdstartdeviceioctl syzbot reported hung task 1. The followi...

CVSS 5.5 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 1

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007563)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007563 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blkcleanupqueue and diskrelease For avoiding to slow...

CVSS 5.5 | AI score 5.7 | EPSS 0.00004
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 2

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007390)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007390 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40evalidatequeuemap Ensure idx is within range of active/initialized...

AI score 6.8 | EPSS 0.00063
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/17 12:0 a.m. | views: 5

PT-2026-37020

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description An authorization context reuse issue exists in collect-mode queue batches. This allows messages from different senders to inherit the authorization context of the final sender. An attacker can...

CVSS 7.6 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 7
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 1

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007222)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007222 advisory. In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot 1, there is a memory...

CVSS 5.5 | AI score 6.4 | EPSS 0.00018
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/17 12:0 a.m. | views: 0

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007417)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007417 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvsworkqueue During the detaching of Marvell's SAS/SATA...

AI score 5.6 | EPSS 0.00083
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/16 12:0 a.m. | views: 1

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: cups (UTSA-2026-007170)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007170 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a...

CVSS 7.5 | AI score 6.1 | EPSS 0.00026
Exploits: 1 | References: 4