79 matches found
CVE-2026-41371
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from an issue in chat.send, which allowed for privilege escalation. This could potentially allow attackers t...
CVE-2026-41371
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...
CVE-2026-41371 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...
CVE-2026-41371 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...
CVE-2026-35901
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connectio...
CVE-2026-33797
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service DoS. An attacker repeatedly...
CVE-2026-35660 OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...
CVE-2026-35660
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...
EUVD-2026-21466
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey ...
EUVD-2026-21208
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service DoS. An attacker repeatedly...
CVE-2026-33797 Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service DoS. An attacker repeatedly...
CVE-2026-33797 Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service DoS. An attacker repeatedly...
CVE-2026-33797
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service DoS. An attacker repeatedly...
CVE-2026-33797
CVE-2026-33797 affects Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated, adjacent attacker can reset only an established BGP session by sending a specific genuine BGP packet, causing DoS on that session. Repeated packets sustain the DoS. Affected are Junos OS 25.2 before 25.2R2 ...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through the chat.send process. An attacker can trigger a session reset, archive the prior transcript state, and force a new session ID for a target session by...
OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`
Summary The chat.send path reused command authorization to trigger /reset session rotation even though direct session reset is an admin-only control-plane operation. Impact A write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id...
GHSA-5R8F-96GM-5J6G OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`
Summary The chat.send path reused command authorization to trigger /reset session rotation even though direct session reset is an admin-only control-plane operation. Impact A write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id...
CVE-2026-32919 OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holdin...
CVE-2026-32919
Affected software : OpenClaw prior to 2026.3.11. Issue : authorization bypass allows write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can trigger agent requests containing /new or /reset slash commands to reset targeted conversation state without o...