4 matches found
CVE-2026-59955 Apollo ConfigService access key authentication bypass via raw config file appId parsing
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...
PT-2026-60110
Summary Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey / management key authentication is enabled because authentication parsed the appId incorrectly for the raw config file endpoint. Details Requests under /configfiles/raw/appId/clusterName/namespace...
CVE-2026-26326
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Version 2026.2.14 stops including raw resolved config values in requirement check...
GHSA-8MH7-PHF8-XGFM OpenClaw skills.status could leak secrets to operator.read clients
Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...