
19 matches found

RedhatCVE
added 4 days ago · 8 views

CVE-2026-32906

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

CVSS 4.3 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 1

NVD
added 2026/05/29 4:16 p.m. · 11 views

CVE-2026-32906

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

CVSS 4.3 · EPSS 0.00026
Exploits 0 · References 2

Cvelist
added 2026/05/29 3:9 p.m. · 27 views

CVE-2026-32906 OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

CVSS 4.3 · EPSS 0.00026
Exploits 0 · References 2

Vulnrichment
added 2026/05/29 3:9 p.m. · 6 views

CVE-2026-32906 OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

CVSS 4.3 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 2

CVE
added 2026/05/29 3:9 p.m. · 11 views

CVE-2026-32906

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that lets exec-authorized users resolve plugin approvals via the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin actions out...

CVSS 4.3 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 2 · Affected Software 1

EUVD
added 2026/05/29 3:9 p.m. · 7 views

EUVD-2026-33333

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

CVSS 4.3 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 2

Positive Technologies
added 2026/05/29 12:0 a.m. · 7 views

PT-2026-44892

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

CVSS 4.3 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 3

CNNVD
added 2026/05/29 12:0 a.m. · 5 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.12 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation flaw in Slack plugin approval processes, allowing authorized users with exec...

CVSS 4.3 · AI score 5.8 · EPSS 0.00026
Exploits 0 · References 2

vulnersOsv
added 2026/03/31 11:48 p.m. · 6 views

airduct (>=0.1.13 <=0.1.22), aprsd (>=1.6.0 <=3.4.4) +42 more potentially affected by CVE-2026-34531 via flask-httpauth (>=2.5.0 <=4.8.0)

flask-httpauth PYPI version =2.5.0, =0.1.13, =1.6.0, =1.0.5, =0.0.5, =0.5.0, =4.2.6, =1.0.0, =0.0.28, =0.0.0rc24, =1.0.2, =0.2.2, =3.2.0.0, =2.0.0, =0.1.8.1, =2.2.1 and more Source cves: CVE-2026-34531 Source advisory: OSV:GHSA-P44Q-VQPR-4XMG...

CVSS 8.2 · AI score 6 · EPSS 0.00024
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-12891

Malware in sbrugna...

CVSS 9 · AI score 8.7 · EPSS 0.04344
Exploits 0 · References 2

vulnersOsv
added 2022/05/13 1:15 a.m. · 2 views

org.jenkins-ci.plugins:global-slack-notifier (>=1.0 <=1.3) potentially affected by CVE-2019-1003043 via org.jenkins-ci.plugins:slack (=2.2)

org.jenkins-ci.plugins:slack MAVEN version =2.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:slack and may be impacted: - org.jenkins-ci.plugins:global-slack-notifier =1.0, =1.3 Source cves: CVE-2019-1003043 Source advisory:...

CVSS 7.5 · AI score 6.4 · EPSS 0.00144
Exploits 0

OSV
added 2021/02/22 9:15 p.m. · 1 views

CVE-2021-26068

An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability...

CVSS 8.8 · AI score 7.6 · EPSS 0.04344
Exploits 0 · References 1

NVD
added 2021/02/22 9:15 p.m. · 9 views

CVE-2021-26068

An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability...

CVSS 9 · EPSS 0.04344
Exploits 0 · References 1

CNNVD
added 2021/02/22 12:0 a.m. · 1 views

Atlassian JIRA Server injection vulnerability

Atlassian JIRA Server is the server version of a defect tracking management system from Atlassian Australia. The system is mainly used for tracking and managing all kinds of issues and defects in the workplace. Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 suffer...

CVSS 9 · AI score 7.7 · EPSS 0.04344
Exploits 0 · References 2

CVE
added 2021/02/18 3:17 p.m. · 55 views

CVE-2021-26068

CVE-2021-26068 affects the Atlassian Jira Server for Slack plugin, with vulnerable versions from 0.0.3 up to, but not including, 2.0.15. The issue is a template injection vulnerability in the plugin's endpoint that allows remote attackers to execute arbitrary code. Impact is high (C / I / A all h...

CVSS 9 · AI score 8.9 · EPSS 0.04344
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/02/18 3:17 p.m. · 14 views

CVE-2021-26068

An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability...

AI score 9.2 · EPSS 0.04344
Exploits 0 · References 1

NCSC
added 2021/02/18 12:0 a.m. · 2 views

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in the Jira Server for Slack plugin. An authenticated remote malicious person could exploit the vulnerability to execute arbitrary code on the Jira server. No CVE number has yet been disclosed for the vulnerability. Jira installations tha...

AI score 7.6
Exploits 0

Prion
added 2020/07/02 3:15 p.m. · 10 views

Design/Logic Flaw

Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 4 · AI score 4.5 · EPSS 0.00031
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2019/03/28 12:0 a.m. · 2 views

PT-2019-11333 · Jenkins · Jenkins Slack Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Slack Notification Plugin versions 2.19 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs,...

CVSS 7.5 · AI score 7.2 · EPSS 0.00144
Exploits 0 · References 9