Lucene search
K

340 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-58578

LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41420

LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago10 views

EUVD-2026-36325

OpenClaw: Workspace .env could override Homebrew executable selection for skill install flows...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/16 9:32 p.m.8 views

Duplicate Advisory: Host environment sanitizer missed two Node.js control variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ccwh-wwpp-6wg5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that...

8.1CVSS5.2AI score0.00246EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/16 7:17 p.m.9 views

CVE-2026-53845

OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch path to bypass hook-based auditing and policy...

4.3CVSS0.00185EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-49762

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description A hook bypass issue exists where skill commands routed through a specific dispatch path skip the runBeforeToolCallHook coverage. This allows attackers to send skill commands through the affected...

4.3CVSS5.3AI score0.00185EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49781

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description Insufficient sanitization in the host environment sanitizer allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or...

8.1CVSS5.2AI score0.00246EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/06/15 9:35 a.m.70 views

Cyber-Arena

CyberArena - Cybersecurity Challenge Platform CyberArena is a...

5.4AI score
Exploits0
NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-53819

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill...

8.8CVSS0.00298EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.10 views

CVE-2026-53808

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

6.5CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:10 p.m.21 views

CVE-2026-53819 OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill...

8.8CVSS6.1AI score0.00298EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:10 p.m.28 views

CVE-2026-53819

OpenClaw prior to 2026.5.27 is affected by an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can cause OpenClaw to execute unintended Homebrew-compatible ...

8.8CVSS6.2AI score0.00298EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/11 8:10 p.m.30 views

CVE-2026-53819 OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill...

8.8CVSS0.00298EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:6 p.m.8 views

CVE-2026-53808 OpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

6.5CVSS5.2AI score0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 8:6 p.m.32 views

CVE-2026-53808 OpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

6.5CVSS0.00194EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 8:6 p.m.10 views

EUVD-2026-36314

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

6.5CVSS5.5AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:6 p.m.22 views

CVE-2026-53808

OpenClaw prior to 2026.5.6 contains an approval policy bypass in the Skill Workshop apply flow, allowing attacker-controlled agent tool calls to set apply: true despite approvalPolicy: pending. This enables modification of workshop configurations without proper authorization when the affected app...

6.5CVSS5.4AI score0.00194EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

OpenClaw 权限许可和访问控制问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.27 had code-related vulnerabilities. These vulnerabilities stemmed from issues with code execution during the skill installation process. The workarea.env file could override th...

8.8CVSS6.3AI score0.00298EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.15 views

PT-2026-48749

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.27 Description An arbitrary code execution issue exists in skill install flows. This occurs because workspace .env files can override the Homebrew executable selection, allowing attackers with access to truste...

8.8CVSS6.2AI score0.00298EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.10 views

PT-2026-48738

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description An approval policy bypass exists in the Skill Workshop apply flow. This issue allows agent tool calls to set the apply variable to true even when the approvalPolicy is configured as pending. An...

6.5CVSS5.2AI score0.00194EPSS
Exploits0References5
Rows per page
Query Builder