11 matches found
CVE-2026-35662
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope...
CVE-2026-35662
OpenClaw is affected prior to version 2026.3.22 by a missing controlScope enforcement in the send action. The vulnerability allows leaf subagents to message controlled child sessions outside their authorized scope, bypassing access controls. Affected: OpenClaw before 2026.3.22. Impact is defined ...
CVE-2026-35662 OpenClaw < 2026.3.22 - Missing controlScope Enforcement in Send Action
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope...
CVE-2026-35662 OpenClaw < 2026.3.22 - Missing controlScope Enforcement in Send Action
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope...
EUVD-2026-21470
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope...
CVE-2026-35662
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope...
PT-2026-31973
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope...
OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Summary Leaf subagents could still use the send action to message controlled child sessions even when their controlScope was narrower than children. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
GHSA-X2CM-HG9C-MF5W OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Summary Leaf subagents could still use the send action to message controlled child sessions even when their controlScope was narrower than children. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
AVer PTC310UV2 安全漏洞
The AVer PTC310UV2 is an auto-tracking camera from AVer Corporation. A security vulnerability exists in the Aver PTC310UV2 version v.0.1.0000.59, which originates in the SendAction function and could lead to remote execution of arbitrary code...
CVE-2016-3905
CORE/HDD/src/wlanhddmain.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm internal bug CR 1001449...