Lucene search
+L

64 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 5:25 p.m.15 views

CVE-2026-42300 DevGuard: Unauthenticated identity assertion via `X-Admin-Token` header

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

9.3CVSS5.9AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 5:25 p.m.37 views

CVE-2026-42300

CVE-2026-42300 affects DevGuard’s SessionMiddleware and related components prior to version 1.2.2. The vulnerability arises because a client-supplied header, X-Admin-Token , is accepted and its raw value is used as the authenticated userID when no Kratos session cookie is present. An attacker who...

9.3CVSS5.9AI score0.00257EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 5:25 p.m.3 views

CVE-2026-42300 DevGuard: Unauthenticated identity assertion via `X-Admin-Token` header

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

9.3CVSS6AI score0.00257EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 7:49 p.m.2 views

CVE-2026-44118 OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header

OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...

8.5CVSS7.2AI score0.00112EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/05 8:58 p.m.10 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SessionMiddleware process when the X-Admin-Token HTTP header is accepted from the client and its raw value is used as the authenticated user ID if no Kratos session cookie ...

9.8CVSS5.8AI score0.00257EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 8:58 p.m.5 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SessionMiddleware process when the X-Admin-Token HTTP header is accepted from the client and its raw value is used as the authenticated user ID if no Kratos session cookie ...

9.8CVSS5.8AI score0.00257EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 8:58 p.m.8 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SessionMiddleware process when the X-Admin-Token HTTP header is accepted from the client and its raw value is used as the authenticated user ID if no Kratos session cookie ...

9.8CVSS5.8AI score0.00257EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 8:58 p.m.12 views

DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header

Impact The SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated attacker who knows or can guess a target user's Kratos identity UUID can issue requests a...

9.3CVSS5.8AI score0.00257EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37260

Name of the Vulnerable Software and Affected Versions DevGuard versions prior to 1.2.2 Description An authentication bypass exists in the SessionMiddleware where the system accepts a client-supplied X-Admin-Token HTTP request header. When no Kratos session cookie is present, the raw string value ...

9.3CVSS5.8AI score0.00257EPSS
Exploits0References8
OSV
OSV
added 2026/04/01 11:9 p.m.2 views

GHSA-HPM8-9QX6-JVWV Parser Server's streaming file download bypasses afterFind file trigger authorization

Impact File downloads via HTTP Range requests bypass the afterFindParse.File trigger and its validators on storage adapters that support streaming e.g. the default GridFS adapter. This allows access to files that should be protected by afterFind trigger authorization logic or built-in validators...

8.2CVSS5.9AI score0.00378EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/29 3:30 p.m.4 views

EUVD-2026-17020

OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket...

8.7CVSS5.9AI score0.00531EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.13 that stems from the software reading and caching Webhook request bodies before validating the x-telegram-bot-api-secret-token request header. An attacker could use thi...

8.7CVSS5.8AI score0.00531EPSS
Exploits0References3
NVD
NVD
added 2026/03/18 2:16 a.m.7 views

CVE-2026-22174

OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token. An attacker controlling a loopback port can intercept CDP reachability probes to the...

6.8CVSS0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.8 views

PT-2026-27245

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.7 Description OpenClaw’s fetchWithSsrFGuard... function improperly validates headers during cross-origin redirects, allowing custom authorization headers like X-Api-Key and Private-Token to be forwarded to a...

9.3CVSS5.9AI score0.00316EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.6 views

CVE-2026-28395

OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl...

9.1CVSS5.8AI score0.00396EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28395 OpenClaw 2026.1.14-1 < 2026.2.12 - Unintended Public Binding of Chrome Extension Relay via Wildcard cdpUrl

OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUr...

6.5CVSS5.8AI score0.00396EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 9:59 p.m.20 views

CVE-2026-28395

OpenClaw's Chrome extension relay server (ensureChromeExtensionRelayServer) incorrectly treats wildcard hosts (0.0.0.0/::) as loopback, causing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl is configured. Affected versions are 2026.1.14-1 through 2026.2.11; fixed in 20...

9.1CVSS5.8AI score0.00396EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/05 9:59 p.m.9 views

EUVD-2026-9895

OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl...

6.3CVSS5.9AI score0.00396EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/03 9:50 p.m.10 views

OpenClaw Loopback CDP probe can leak Gateway token to local listener

Summary A local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback. Details Affected versions inject x-openclaw-relay-token for loopback CDP URLs, and CDP reachability probes send that header to /json/version. If an attacker controls the probed loopback...

6.8CVSS6AI score0.00126EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2026/03/02 12:0 a.m.8 views

OpenClaw Data Forgery Issue Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw is vulnerable to a data forgery issue. The vulnerability stems from an unverified Telegram key token header and can be exploited by an attacker to process forged updates and perform unexpected actions...

7.5CVSS5.8AI score0.002EPSS
Exploits1References1
Rows per page
Query Builder