
24 matches found

OSV
added 2026/03/03 11:32 p.m. | 5 views

GHSA-RV2Q-F2H5-6XMG OpenClaw's Node role device-identity bypass allows unauthorized node.event injection

Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...

CVSS 5.4 | AI score 6.1 | EPSS 0.00268
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/03 9:39 p.m. | 10 views

OpenClaw unpaired device identity can bypass operator pairing and self-assign operator scopes with shared auth

Summary A client using shared gateway auth could attach an unpaired device identity and request elevated operator scopes including operator.admin before pairing approval, enabling privilege escalation. Impact Attackers with valid shared gateway auth could self-assign higher operator scopes by...

AI score 5.9
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/03/03 12:0 a.m. | 4 views

PT-2026-26383

Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...

CVSS 5.4 | AI score 6 | EPSS 0.00268
Exploits: 0 | References: 8
CNNVD
added 2025/12/15 12:0 a.m. | 3 views

NetSupport Manager security vulnerability

NetSupport Manager is a remote control software from NetSupport Manager, Inc. A security vulnerability exists in NetSupport Manager versions prior to 14.12.0001 that stems from the use of a reversible coding scheme to store a shared Gateway Key, which could lead to unauthorized access...

CVSS 8.4 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 4