CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/12 10:16 p.m.•10 views

CVE-2026-53838

9.8CVSS0.00221EPSS

Vulnrichment•added 2026/06/12 9:57 p.m.•5 views

CVE-2026-53838 OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection

9.8CVSS5.2AI score0.00221EPSS

CVE•added 2026/06/12 9:57 p.m.•28 views

CVE-2026-53838

OpenClaw is affected by a state mutation vulnerability in node pairing reconnection prior to version 2026.5.27. The issue lets paired nodes confuse approval scope decisions by manipulating reconnection logic, potentially restoring or presenting broader node authority than intended and bypassing a...

9.8CVSS5.3AI score0.00221EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/12 9:57 p.m.•28 views

CVE-2026-53838 OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection

9.8CVSS0.00221EPSS

Positive Technologies•added 2026/06/12 12:0 a.m.•7 views

PT-2026-49042

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.27 Description A state mutation issue exists in the node pairing reconnection process. This allows paired nodes to confuse approval scope decisions, enabling attackers to exploit reconnection logic to restore ...

9.8CVSS5.2AI score0.00221EPSS

Exploits0References7

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the owner of the durable handle upon reconnection. Currently, ksmbd does not verify whether the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any...

8.8CVSS5.2AI score0.00437EPSS

Exploits1References1

Fedora•added 2026/05/18 12:59 a.m.•19 views

[SECURITY] Fedora 43 Update: valkey-8.1.7-1.fc43

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.8CVSS5.8AI score0.01228EPSS

Exploits4

SUSE CVE•added 2026/05/13 3:34 a.m.•8 views

SUSE CVE-2026-43421

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to sol...

5.5CVSS5.8AI score0.00123EPSS

CNNVD•added 2026/05/06 12:0 a.m.•3 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to reset the reconnection pending bit when reconnecting work threads is canceled. Thi...

7.5CVSS5.8AI score0.00523EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: NVMe: Fixed the failure in reconnection due to reserved tag allocation. We identified an issue in a production environment while using NVMe over RDMA. The reconnection of adminq failed indefinitely, even when the remote target an...

5.5CVSS5.9AI score0.00174EPSS

CNNVD•added 2026/05/01 12:0 a.m.•6 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from ksmbd failing to verify the ownership of persistent handles during reconnection. This vulnerabili...

8.8CVSS6AI score0.00437EPSS

Exploits1References1

Vulnrichment•added 2026/04/28 6:10 p.m.•1 views

CVE-2026-42432 OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system...

7.8CVSS5.9AI score0.00131EPSS

CNNVD•added 2026/04/24 12:0 a.m.•8 views

SenseLive X3050 安全漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a security vulnerability. This vulnerability stems from insufficient verification and security controls during modifications to critical system...

8.1CVSS5.8AI score0.00324EPSS

Exploits0References1

EUVD•added 2026/04/10 12:30 a.m.•2 views

EUVD-2026-21108

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS6.5AI score0.00192EPSS

CNNVD•added 2026/04/10 12:0 a.m.•7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities stemmed from the ability for non-administrator operators to self-request a broader scope during backend reconnection...

8.8CVSS5.8AI score0.00276EPSS

ATTACKERKB•added 2026/04/09 9:26 p.m.•1 views

CVE-2026-35625

8.5CVSS6.5AI score0.00192EPSS

Vulnrichment•added 2026/04/09 9:26 p.m.•3 views

CVE-2026-35625 OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

8.5CVSS6.4AI score0.00192EPSS

Positive Technologies•added 2026/04/09 12:0 a.m.•2 views

PT-2026-31761

8.5CVSS6.5AI score0.00192EPSS