Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2026-36608

OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions with broader command...

6.9CVSS5.2AI score0.00094EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 10:16 p.m.15 views

CVE-2026-53820

OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions with broader command...

6.9CVSS0.00094EPSS
Exploits0References2
OSV
OSV
added 2026/03/09 7:54 p.m.4 views

GHSA-9Q36-67VC-RRWG OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions

Summary Sandboxed requester sessions could reach host-side ACP session initialization through /acp spawn. OpenClaw already blocked sessionsspawn runtime: "acp" from sandboxed sessions, but the slash-command path initialized ACP directly without applying the same host-runtime guard first. Affected...

6.1CVSS5.5AI score0.00104EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/09 7:54 p.m.12 views

OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions

Summary Sandboxed requester sessions could reach host-side ACP session initialization through /acp spawn. OpenClaw already blocked sessionsspawn runtime: "acp" from sandboxed sessions, but the slash-command path initialized ACP directly without applying the same host-runtime guard first. Affected...

7.1CVSS5.5AI score0.00104EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder