Lucene search
K

69 matches found

OSV
OSV
added 2026/03/29 3:49 p.m.3 views

GHSA-H4JX-HJR3-FHGC OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`

Summary Gateway Plugin Subagent Fallback deleteSession Uses Synthetic operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway plugin subagent...

8.1CVSS5.9AI score0.0028EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/29 3:49 p.m.8 views

OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`

Summary Gateway Plugin Subagent Fallback deleteSession Uses Synthetic operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway plugin subagent...

8.8CVSS5.9AI score0.0028EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/29 1:16 p.m.5 views

CVE-2026-32915

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...

9.3CVSS0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/29 12:44 p.m.4 views

CVE-2026-32915

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...

9.3CVSS6.1AI score0.00142EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.22 views

CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...

9.3CVSS0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/29 12:44 p.m.1 views

CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...

9.3CVSS6.1AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.4 views

PT-2026-28447

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description OpenClaw before version 2026.3.11 contains a sandbox boundary bypass issue. This allows leaf subagents to access the subagents control surface and resolve against a parent requester scope instea...

9.3CVSS6.1AI score0.00142EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11 that stems from insufficient authorization checking of subagent control requests, resulting in a leaf child agent being able to access the subagent control plane and...

9.3CVSS6AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 3:47 p.m.1 views

GHSA-XW77-45GV-P728 OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes

Summary In affected versions of openclaw, the plugin subagent runtime dispatched gateway methods through a synthetic operator client that always carried broad administrative scopes. Plugin-owned HTTP routes using auth: "plugin" could therefore trigger admin-only gateway actions without normal...

9.4CVSS5.8AI score0.00461EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/13 3:47 p.m.4 views

OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes

Summary In affected versions of openclaw, the plugin subagent runtime dispatched gateway methods through a synthetic operator client that always carried broad administrative scopes. Plugin-owned HTTP routes using auth: "plugin" could therefore trigger admin-only gateway actions without normal...

9.8CVSS5.8AI score0.00461EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-5761

Malware in sbrugna...

6.7CVSS6.5AI score0.00336EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-2348

Malware in sbrugna...

5CVSS6.1AI score0.01992EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 a.m.6 views

CVE-2019-14600

Uncontrolled search path element in the installer for IntelR SNMP Subagent Stand-Alone for Windows may allow an authenticated user to potentially enable escalation of privilege via local access...

6.7CVSS7.1AI score0.00336EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/10/09 6:30 p.m.10 views

net-snmp: Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously

A flaw was found in net-snmp. This issue occurs due to improper input validation when simultaneously setting malformed OIDs in the master agent and subagent...

6.5CVSS5.7AI score0.01052EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/26 7:12 p.m.10 views

net-snmp: Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously

A flaw was found in net-snmp. This issue occurs due to improper input validation when simultaneously setting malformed OIDs in the master agent and subagent...

6.5CVSS5.7AI score0.01052EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/16 7:44 p.m.26 views

CVE-2022-24806 net-snmp vulnerable to Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a...

6.5CVSS6.4AI score0.01052EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2024/04/16 7:44 p.m.35 views

CVE-2022-24806

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a...

6.5CVSS7.3AI score0.01052EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.3 views

SUSE CVE-2014-2310

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service hang by sending a multi-object request with an Object ID OID containing more subids than previous requests, a different vulnerability than CVE-2012-6151...

5CVSS6.9AI score0.01992EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2022/07/01 5:56 p.m.35 views

CVE-2022-24806

A flaw was found in net-snmp. This issue occurs due to improper input validation when simultaneously setting malformed OIDs in the master agent and subagent...

5.9CVSS3.2AI score0.01052EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/01 12:0 a.m.3 views

Net-SNMP 输入验证错误漏洞

Net-SNMP is an open source Simple Network Management Protocol SNMP software. The software is used to monitor network devices, computer devices, UPS devices, and more. An input validation error vulnerability exists in Net-SNMP, which arises from incorrect input validation when setting an incorrect...

6.5CVSS6.9AI score0.01052EPSS
Exploits0References16
Rows per page
Query Builder