Lucene search
K

4 matches found

OSV
OSV
added 2026/03/31 12:31 p.m.5 views

GHSA-PHGF-3849-RGJQ Duplicate Advisory: OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xw77-45gv-p728. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent route...

9.2CVSS5.9AI score0.00461EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/31 12:31 p.m.6 views

Duplicate Advisory: OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xw77-45gv-p728. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent route...

9.8CVSS5.9AI score0.00461EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/31 11:17 a.m.14 views

CVE-2026-32916

Summary (concrete details): CVE-2026-32916 affects OpenClaw 2026.3.7 prior to 2026.3.11. The vulnerability is an authorization bypass in plugin subagent routes, where these routes execute gateway methods through a synthetic operator client with broad administrative scopes. Impact: remote unauthen...

9.8CVSS6AI score0.00461EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/31 11:17 a.m.24 views

CVE-2026-32916 OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes

OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent...

9.4CVSS0.00461EPSS
Exploits0References2
Rows per page
Query Builder