Lucene search

7 matches found

NVD
added 2026/06/16 7:17 p.m., 12 views

CVE-2026-53844

OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory entries that shoul...

CVSS: 6.5 | EPSS: 0.0021
Exploits: 0 | References: 2
CVE
added 2026/06/16 6:4 p.m., 17 views

CVE-2026-53844

OpenClaw vulnerability CVE-2026-53844 affects OpenClaw prior to version 2026.4.29, involving a session visibility check bypass in the shared memory search path. The issue enables authenticated callers to skip session visibility guards and access memory entries that should not be visible to their ...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.0021
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/06/16 12:0 a.m., 11 views

PT-2026-49761

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.29. Description: A session visibility check bypass exists in the shared memory search of the memory-wiki feature. This allows authenticated callers to skip session visibility guards on the search path, enabling...

CVSS: 6.5 | AI score: 5.2 | EPSS: 0.0021
Exploits: 0 | References: 5
ATTACKERKB
added 2026/04/23 9:58 p.m., 3 views

CVE-2026-41350

OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the sessionstatus function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invocations. Attackers can invoke sessionstatus without sandbox constraints to bypass session-policy...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00199
Exploits: 0 | References: 4
CNNVD
added 2026/04/23 12:0 a.m., 10 views

OpenClaw Security Vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contain a security vulnerability, which stems from a session visibility bypass. The sessionstatus function did not enforce the configured...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00199
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/23 12:0 a.m., 9 views

PT-2026-34781

OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session status function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invocations. Attackers can invoke session status without sandbox constraints to bypass session-policy...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00199
Exploits: 0 | References: 5
Snyk
added 2026/04/07 6:11 p.m., 4 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the sessionstatus process. An attacker can bypass configured session visibility restrictions by invoking unsandboxed sessions, potentially accessing session...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00199
Exploits: 0 | References: 2