2610 matches found
OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`
Summary In affected versions of openclaw, a gateway caller with operator.write could issue agent requests containing /new or /reset and reach the same reset path used by the admin-only sessions.reset RPC. Impact On gateways where a caller is intentionally granted operator.write but not...
GHSA-8JHH-JCQG-MJ5P OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions
Summary In affected versions of openclaw, channel-initiated config mutations were authorized against the originating account's configWrites policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration...
OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions
Summary In affected versions of openclaw, channel-initiated config mutations were authorized against the originating account's configWrites policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration...
GHSA-4W7M-58CG-CMFF OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
Summary In affected versions of openclaw, sandboxed leaf subagents could still access the subagents control surface and resolve against the parent requester scope instead of remaining confined to their own session tree. Impact A low-privilege sandboxed leaf worker could steer or kill a sibling ru...
OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
Summary In affected versions of openclaw, sandboxed leaf subagents could still access the subagents control surface and resolve against the parent requester scope instead of remaining confined to their own session tree. Impact A low-privilege sandboxed leaf worker could steer or kill a sibling ru...
GHSA-4JPW-HJ22-2XMC OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE
Summary In affected versions of openclaw, a caller holding only operator.pairing could use device.token.rotate to mint a new token with broader scopes for an already paired device. If the target device was approved for operator.admin, the attacker could obtain an administrative token without...
OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE
Summary In affected versions of openclaw, a caller holding only operator.pairing could use device.token.rotate to mint a new token with broader scopes for an already paired device. If the target device was approved for operator.admin, the attacker could obtain an administrative token without...
GHSA-GP3Q-WPQ4-5C5H OpenClaw: LINE group allowlist scope mismatch with DM pairing-store entries
Summary In specific LINE configurations, sender IDs approved through DM pairing could also satisfy group allowlist checks when operators expected group sender access to be scoped only to explicit group allowlists. Affected Packages / Versions - Package: openclaw npm - Latest published version at...
OpenClaw: LINE group allowlist scope mismatch with DM pairing-store entries
Summary In specific LINE configurations, sender IDs approved through DM pairing could also satisfy group allowlist checks when operators expected group sender access to be scoped only to explicit group allowlists. Affected Packages / Versions - Package: openclaw npm - Latest published version at...
CVE-2026-3783
A flaw was found in curl. When an OAuth2 bearer token is used for an HTTPS transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the .netrc file, allowing the bearer token intended for the first host to be sent to the...
CVE-2026-32097 PingPong has improper access control in thread file endpoints allows access outside intended scope
PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...
EUVD-2026-10829
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
EUVD-2026-10828
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
CVE-2026-3582
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
CVE-2026-3582 Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
CVE-2026-3582
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
CVE-2026-3582
CVE-2026-3582 affects GitHub Enterprise Server. An Incorrect Authorization vulnerability allowed an authenticated user with a classic PAT lacking the repo scope to retrieve issues and commits from private/internal repositories via the search REST API, provided the user already had access to the r...
CVE-2026-3582 Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
GO-2026-4565 Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations in github.com/bitnami-labs/sealed-secrets
Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations in github.com/bitnami-labs/sealed-secrets...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.20 of GitHub Enterprise Server, there were security...