CVE-2026-33579

Technical details, affected products, and remediation are not provided in the supplied documents. Monitor for updates.

CVE-2026-33579 OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

CVE-2026-33579 OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

CVE-2026-33577

CVE-2026-33577 (OpenClaw) : OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node-pairing approval path. The issue is caused by missing callerScopes validation in node-pairing.ts, allowing a low-privilege operator to approve nodes with broader scopes onto t...

CVE-2026-33577 OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

CVE-2026-33577

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

CVE-2026-33577 OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

Improper Authorization

Overview scitokens is a SciToken reference implementation library Affected versions of this package are vulnerable to Improper Authorization via the validatescp and validatescope functions. An attacker can gain unauthorized access to sibling paths by crafting tokens with scope paths that share a...

CVE-2026-32727 SciTokens: Authorization Bypass via Path Traversal in Scope Validation

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

CVE-2026-32727 SciTokens: Authorization Bypass via Path Traversal in Scope Validation

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

CVE-2026-32727

CVE-2026-32727 concerns SciTokens: prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack via a token scope claim containing dot-dot (..). The issue arises from normalization of both the authorized path and the requested path, then comparing with startswith. Affected: SciTo...

CVE-2026-32727 SciTokens: Authorization Bypass via Path Traversal in Scope Validation

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

PT-2026-29257

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description OpenClaw contains an insufficient scope validation issue in the node pairing approval path. This allows low-privilege operators to approve nodes with broader scopes than they are authorized to,...

PT-2026-31774

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw contains a privilege escalation issue in the device.pair.approve method. An operator with pairing approval rights can approve device requests with broader operator scopes than authorize...

CVE-2026-4428

The CVE relates to AWS-LC CRL distribution point validation logic before 1.71.0. A logic error caused partitioned CRLs to be incorrectly rejected as out of scope, enabling a revoked certificate to bypass revocation checks. Affected software is AWS-LC prior to 1.71.0; the issue is fixed in AWS-LC ...

Gogs 安全漏洞

Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier have security vulnerabilities. Thes...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GRPC authorization middleware. An attacker can access resources outside the intended scope by bypassing scope validation through the archiver service. Remediation Upgrade...

Grafana security vulnerabilities

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability, where the dashboard’s permission API...

Free5gc NRF is vulnerable to scope validation bypass via maliciously crafted targetNF value

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...

CVE-2025-66719

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...