Lucene search
K

79 matches found

EUVD
EUVD
added 2026/04/10 4:3 p.m.6 views

EUVD-2026-21470

OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope...

5.3CVSS5.8AI score0.002EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/10 12:30 a.m.5 views

EUVD-2026-21134

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS6.5AI score0.00458EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/09 9:27 p.m.1 views

CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS6.4AI score0.00458EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.19 views

CVE-2026-35639 OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation ...

8.8CVSS0.00458EPSS
Exploits0References4
CVE
CVE
added 2026/04/09 9:27 p.m.20 views

CVE-2026-35639

CVE-2026-35639 affects OpenClaw prior to 2026.3.22. The vulnerability is in the device.pair.approve method, where an operator.pairing approver can approve pending device requests with broader operator scopes than the approver holds. This insufficient scope validation can escalate privileges to op...

8.8CVSS6.5AI score0.00458EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 9:26 p.m.6 views

CVE-2026-34512 OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticat...

8.1CVSS5.9AI score0.00346EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 9:26 p.m.5 views

CVE-2026-34512

OpenClaw before 2026.3.25 exposes an improper access control in the HTTP endpoint /sessions/:sessionKey/kill that lets any bearer-authenticated user invoke admin-level session termination via the killSubagentRunAdmin function, bypassing ownership/operator scope restrictions. The vulnerability ena...

8.1CVSS6.1AI score0.00346EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.9 views

PT-2026-31755

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description OpenClaw contains an improper access control issue in the /sessions/:sessionKey/kill route. Any bearer-authenticated user can invoke admin-level session termination functions without proper scop...

8.1CVSS5.9AI score0.00346EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-32726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypas...

8.1CVSS5.8AI score0.00272EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.4 views

CVE-2026-33579

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

8.6CVSS5.9AI score0.00624EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 12:0 a.m.4 views

EUVD-2026-17433

OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes...

8.6CVSS5.9AI score0.00379EPSS
Exploits0References4
OSV
OSV
added 2026/04/01 12:0 a.m.4 views

GHSA-2X4X-CC5G-QMMG OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes

Summary The node pairing approval path did not consistently enforce that the approving caller already held every scope requested by the node. Impact A lower-privileged operator could approve a pending node request for broader scopes and extend privileges onto the paired node. Affected Component...

9.8CVSS5.9AI score0.00379EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/31 10:51 p.m.6 views

SciTokens has an Authorization Bypass via Path Traversal in Scope Validation

Summary The Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library normalizes both the authorized path from the token and the requested path from the...

8.1CVSS5.9AI score0.00516EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/03/31 10:51 p.m.5 views

GHSA-3X2W-63FP-3QVW SciTokens has an Authorization Bypass via Path Traversal in Scope Validation

Summary The Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library normalizes both the authorized path from the token and the requested path from the...

8.1CVSS5.9AI score0.00516EPSS
Exploits1References6
OSV
OSV
added 2026/03/31 10:51 p.m.1 views

GHSA-W8FP-G9RH-34JH SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking

Summary The Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the same prefix e.g., /johnathan, /johnny, which is an Authorization Bypass. Details File:...

8.1CVSS5.9AI score0.00389EPSS
Exploits1References5
OSV
OSV
added 2026/03/31 6:16 p.m.5 views

DEBIAN-CVE-2026-32726

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

8.1CVSS5.3AI score0.00272EPSS
Exploits1References1
OSV
OSV
added 2026/03/31 6:16 p.m.2 views

UBUNTU-CVE-2026-32726

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

8.1CVSS5.7AI score0.00272EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/31 5:1 p.m.25 views

CVE-2026-32726 SciTokens C++: Sibling-Path Authorization Bypass

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

8.1CVSS0.00272EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/31 4:54 p.m.3 views

Incorrect Authorization

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Incorrect Authorization due to missing validation of caller scopes in the pair approve process. An attacker can gain unauthorized administrative access by approving...

9.9CVSS5.9AI score0.00624EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 3:31 p.m.4 views

EUVD-2026-17437

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

8.6CVSS5.9AI score0.00624EPSS
Exploits0References4
Rows per page
Query Builder