Lucene search
K

6 matches found

NVD
NVD
added 2026/04/28 7:37 p.m.4 views

CVE-2026-42422

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...

8.8CVSS0.00282EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:10 p.m.4 views

CVE-2026-42422

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...

8.8CVSS5.2AI score0.00282EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/28 6:10 p.m.32 views

CVE-2026-42422 OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...

8.8CVSS0.00282EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35801

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...

8.8CVSS5.2AI score0.00282EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/09 5:33 p.m.7 views

OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing

Impact OpenClaw device.token.rotate mints tokens for unapproved roles, bypassing device role-upgrade pairing. Device token rotation could mint or preserve roles/scopes that had not gone through the intended pairing approval. OpenClaw is a user-controlled local assistant. This advisory is scoped t...

8.8CVSS5.9AI score0.00282EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/09 5:33 p.m.4 views

GHSA-WHF9-3HCX-GQ54 OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing

Impact OpenClaw device.token.rotate mints tokens for unapproved roles, bypassing device role-upgrade pairing. Device token rotation could mint or preserve roles/scopes that had not gone through the intended pairing approval. OpenClaw is a user-controlled local assistant. This advisory is scoped t...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References5
Rows per page
Query Builder