CVE-2026-42429
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway...
EUVD-2026-26131
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway au...
CVE-2026-42429
OpenClaw vulnerability CVE-2026-42429 affects the OpenClaw npm package (openclaw) prior to version 2026.4.8. The gateway plugin HTTP authentication path (auth: gateway) can widen identity-bearing operator.read requests into runtime operator.write permissions, allowing read-scoped requests to gain...
CVE-2026-42429 OpenClaw < 2026.4.8 - Privilege Escalation via Gateway Plugin HTTP Authentication
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway...
EUVD-2026-26096
OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...
AgentWard: A Lifecycle Security Architecture for Autonomous AI Agents
Autonomous AI agents extend large language models into full runtime systems that load skills, ingest external content, maintain memory, plan multi-step actions, and invoke privileged tools. In such systems, security failures rarely remain confined to a single interface; instead, they can propagat...
PT-2026-35807
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway au...
PT-2026-35778
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: An authentication bypass exists where unauthenticated 'plugin-auth' HTTP routes are granted operator runtime write scopes. This allows unauthorized users to access these routes and perform...
StellarGroup HPX Security Vulnerability
StellarGroup HPX is a high-performance parallel runtime system developed by StellarGroup Corporation. Version 1.11.0 of StellarGroup HPX contains a security vulnerability, which stems from unsafe deserialization of untrusted inputs, potentially allowing attackers to execute arbitrary code...
Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime and IBM SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700
Summary: IBM Virtualization Engine TS7700 is susceptible to Denial of Service (CVE-2026-21945), Tampering (CVE-2026-21932), Information Disclosure (CVE-2026-21933, CVE-2026-21925) and Elevation of Privilege (CVE-2026-1188) threats due to the use of IBM Semeru Runtime and IBM SDK, Java Technology Edition...
JLSEC-2026-280 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
Summary: The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. An unauthenticated attacker can set rc.NoAuth=true, which disables the authorization gate for many RC methods registered with...
CVE-2026-40022
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...
CVE-2026-40022
CVE-2026-40022 affects Apache Camel Platform HTTP Main: when authentication is enabled and a non-root context path (e.g., /api or /admin) is configured, BasicAuthenticationConfigurer/JWTAuthenticationConfigurer derive the path from properties.getPath() if explicit authenticationPath is not set. C...
EUVD-2026-25807
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...
SUSE CVE-2026-31683
In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient. When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packetlen bytes, while a later packet can still ...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014343)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014343 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: rtsxpci: fix return value check of mmcaddhost. mmcaddhost may return error, if we ignore its...
GHSA-HXVM-XJVF-93F3 OpenClaw: Workspace dotenv could override runtime-control environment variables
Affected Packages / Versions: Package: openclaw npm; Affected versions: 2026.4.20; Patched version: 2026.4.20. Impact: Workspace .env loading did not reserve the OPENCLAW runtime-control namespace broadly enough. A malicious workspace could set variables such as OPENCLAWGITDIR before source-upda...
OpenClaw: Workspace dotenv could override runtime-control environment variables
Affected Packages / Versions: Package: openclaw npm; Affected versions: 2026.4.20; Patched version: 2026.4.20. Impact: Workspace .env loading did not reserve the OPENCLAW runtime-control namespace broadly enough. A malicious workspace could set variables such as OPENCLAWGITDIR before source-upda...