4 matches found
CVE-2026-42597
Gotenberg’s Chromium URL routes (/forms/chromium/convert/url and /forms/chromium/screenshot/url) allow file:// access to /tmp for anonymous callers, enabling cross-request data exfiltration by enumerating work/request directories during overlapping conversions. This is caused by the HTML/Markdown...
Missing Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the browser snapshot, screenshot, and tab routes due to insufficient validation of the final browser target after navigation. An attacker can access internal or...
CVE-2026-42436
OpenClaw before 2026.4.14 has an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content by ...
GHSA-C4QM-58HJ-J6PJ OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation
Summary Browser snapshot and screenshot routes could expose internal page content after navigation. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Authenticated browser tool callers could use snapshot, screenshot, or tab routes that did n...