
73 matches found

Tenable Nessus
added 2026/04/21 12:0 a.m., 1 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007044)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007044 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list...

CVSS 4.7, AI score 6.3, EPSS 0.00098
Exploits 0, References 4

Github Security Blog
added 2026/04/10 12:30 a.m., 8 views

Duplicate Advisory: OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h4jx-hjr3-fhgc. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback...

CVSS 8.8, AI score 5.8, EPSS 0.0028
Exploits 0, References 5, Affected Software 1

ATTACKERKB
added 2026/04/09 9:27 p.m., 3 views

CVE-2026-35645

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privilege...

CVSS 8.1, AI score 6, EPSS 0.0028
Exploits 0, References 4

Positive Technologies
added 2026/04/09 12:0 a.m., 1 views

PT-2026-31778

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description OpenClaw contains a privilege escalation issue in the gateway plugin subagent's deleteSession function. This function utilizes a synthetic operator.admin runtime scope, allowing attackers to...

CVSS 8.1, AI score 6, EPSS 0.0028
Exploits 0, References 7

EUVD
added 2026/03/31 12:31 p.m., 2 views

EUVD-2026-17369

OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent...

CVSS 9.4, AI score 6, EPSS 0.00461
Exploits 0, References 3

CVE
added 2026/03/31 11:17 a.m., 10 views

CVE-2026-32916

Summary (concrete details): CVE-2026-32916 affects OpenClaw 2026.3.7 prior to 2026.3.11. The vulnerability is an authorization bypass in plugin subagent routes, where these routes execute gateway methods through a synthetic operator client with broad administrative scopes. Impact: remote unauthen...

CVSS 9.8, AI score 6, EPSS 0.00461
Exploits 0, References 2, Affected Software 1

Cvelist
added 2026/03/31 11:17 a.m., 21 views

CVE-2026-32916 OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes

OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent...

CVSS 9.4, EPSS 0.00461
Exploits 0, References 2

Positive Technologies
added 2026/03/13 12:0 a.m., 2 views

PT-2026-29226

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.3.7 through 2026.3.10 Description The software contains an authorization bypass issue where plugin subagent routes execute gateway methods using a synthetic operator client with extensive administrative permissions...

CVSS 9.8, AI score 6, EPSS 0.00461
Exploits 0, References 10

RedhatCVE
added 2026/02/07 7:22 a.m., 5 views

CVE-2026-1976

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used f...

CVSS 7.5, AI score 5.3, EPSS 0.00526
Exploits 1, References 1

Snyk
added 2026/02/06 3:48 a.m., 3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the SessionDeletionResponse function of the SMF component. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference remotely. Remediation Upgrad...

CVSS 7.5, AI score 6.1, EPSS 0.00526
Exploits 1, References 2

OSV
added 2026/02/06 3:15 a.m., 3 views

CVE-2026-1976

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used f...

CVSS 7.5, AI score 5.1
Exploits 0, References 7

NVD
added 2026/02/06 3:15 a.m., 10 views

CVE-2026-1976

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used f...

CVSS 7.5, EPSS 0.00526
Exploits 1, References 7

Cvelist
added 2026/02/06 3:2 a.m., 27 views

CVE-2026-1976 Free5GC SMF SessionDeletionResponse null pointer dereference

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used f...

CVSS 6.9, EPSS 0.00526
Exploits 1, References 7

Vulnrichment
added 2026/02/06 3:2 a.m., 5 views

CVE-2026-1976 Free5GC SMF SessionDeletionResponse null pointer dereference

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used f...

CVSS 6.9, AI score 5, EPSS 0.00526
Exploits 1, References 7

EUVD
added 2026/02/06 3:2 a.m., 7 views

EUVD-2026-5602

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used f...

CVSS 6.9, AI score 5.3, EPSS 0.00526
Exploits 1, References 7

CVE
added 2026/02/06 3:2 a.m., 15 views

CVE-2026-1976

CVE-2026-1976 affects Free5GC up to version 4.1.0, specifically the SMF component’s function SessionDeletionResponse. The vulnerability is a null pointer dereference caused by the manipulation, with remote exploitation possible. Public exploits are available, and a patch is recommended to address...

CVSS 7.5, AI score 5.4, EPSS 0.00526
Exploits 1, References 7, Affected Software 1

Positive Technologies
added 2026/02/06 12:0 a.m., 5 views

PT-2026-6669

Name of the Vulnerable Software and Affected Versions Free5GC versions prior to 4.1.1 Description A flaw exists in Free5GC up to version 4.1.0 within the SessionDeletionResponse function of the SMF component. This issue results in a null pointer dereference, potentially allowing for remote...

CVSS 6.9, AI score 5.2, EPSS 0.00526
Exploits 1, References 11

CNNVD
added 2026/02/06 12:0 a.m., 6 views

free5GC Code Issue Vulnerability

Free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of Free5GC prior to 4.1.0 contain code vulnerabilities. These vulnerabilities stem from a flaw in the SessionDeletionResponse function within the SMF component, which may lead to null pointer dereferencing...

CVSS 7.5, AI score 6.1, EPSS 0.00526
Exploits 1, References 7

RedhatCVE
added 2026/01/20 6:18 p.m., 4 views

CVE-2026-23646

OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not properly checked if the session belongs to the...

CVSS 6.5, AI score 5.6, EPSS 0.00315
Exploits 0, References 1

NVD
added 2026/01/19 6:16 p.m., 4 views

CVE-2026-23646

OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not properly checked if the session belongs to the...

CVSS 6.5, EPSS 0.00315
Exploits 0, References 3