2661 matches found
Duplicate Advisory: OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-767m-xrhc-fxm7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write...
GHSA-394X-274P-MQC6 Duplicate Advisory: OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-767m-xrhc-fxm7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write...
EUVD-2026-25343
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...
GHSA-V3C2-39FM-JQ4H Duplicate Advisory: OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h2w-qmfp-ggp6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows...
EUVD-2026-25328
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or...
Duplicate Advisory: OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h2w-qmfp-ggp6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows...
PT-2026-34888
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SMB server component where the send done function needs to handle completions that lack the IB SEND SIGNALED flag. During smbdirect send batch processing, requests...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from repeated calls to smbdfreesendio after smbdsendbatchflush, resulting in double releases of...
Linux Distros Unpatched Vulnerability : CVE-2026-31534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: client: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch...
PT-2026-34961
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the SMB client. The function smbd send batch flush already invokes smbd free send io, leading to a second call to smbd free send io after smbd post send mov...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the smbdirectsendbatch process. In this process, requests may not be signaled with IBSENDSIGNALED...
PT-2026-34960
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the SMB server component. The function smb direct flush send list already invokes smb direct free sendmsg, leading to a second call to smb direct free sendm...
CVE-2026-41359
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...
CVE-2026-41344
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or...
CVE-2026-41359 OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...
CVE-2026-41359
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...
CVE-2026-41359
OpenClaw prior to version 2026.3.28 contains a privilege escalation vulnerability. Authenticated operators with write permissions can access admin-class Telegram configuration and cron persistence settings via the send endpoint due to insufficient access controls. The CVE entry notes a CVSS v3.1/...
CVE-2026-41344
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or...
CVE-2026-41344 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send /verbose Parameter
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or...
CVE-2026-41344 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send /verbose Parameter
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or...