
4 matches found

OSV
added 2026/04/07 6:15 p.m., 1 view

GHSA-846P-HGPV-VPHC OpenClaw: QQ Bot structured payloads could read arbitrary local files

Summary: Before OpenClaw 2026.4.2, QQ Bot structured media payloads could read local files from attacker-chosen paths. A crafted structured payload could escape QQ Bot-owned media roots and cause arbitrary file reads on the host. Impact: Prompt-influenced structured payload output could exfiltrate...

CVSS 6.9, AI score 5.9
Exploits: 0, References: 3
Packet Storm News
added 2026/03/05 12:0 a.m., 1 view

AegisUI: Behavioral Anomaly Detection for Structured User Interface Protocols in AI Agent Systems

AI agents that build user interfaces on the fly, assembling buttons, forms, and data displays from structured protocol payloads, are becoming common in production systems. The trouble is that a payload can pass every schema check and still trick a user: a button might say "View invoice" while its...

AI score 5.8
Exploits: 0
CNNVD
added 2026/02/20 12:0 a.m., 3 views

Kargo security vulnerability

Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo from 1.7.0 to 1.7.8, as well as versions before 1.8.11 and 1.9.3, contain security vulnerabilities. These vulnerabilities stem from the batch resource creation endpoints accepting specially crafted YAML...

CVSS 9.9, AI score 6.1, EPSS 0.00275
Exploits: 0, References: 2
RedHat Linux
added 2025/06/11 10:57 a.m., 4 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

CVSS 7.5, AI score 5.7, EPSS 0.00615
Exploits: 1, References: 6