CVE-2026-45350

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...

CVE-2026-44466

Zed code editor contains a local, high-severity flaw (CVE-2026-44466) in the terminal tool permission system that can bypass the allowlist via bash arithmetic expansion $((...)), enabling arbitrary commands nested inside an allowlisted command (e.g., echo). This affects Zed prior to version 0.229...

CVE-2026-44463 Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

EUVD-2026-32939

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

CVE-2026-44462 Zed: Allowlist Bypass via Bash Variable Expansion Chain in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...

Sandbox Bypass

OpenClaude is vulnerable to Improper Access Control. The vulnerability is due to a logic flaw in bashToolHasPermission within src/tools/BashTool/bashPermissions.ts, where the sandbox auto-allow path returns success before checkPathConstraints is evaluated, allowing attackers to use path traversal...

CVE-2026-35570

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in bashToolHasPermission inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is...

CVE-2026-35570

CVE-2026-35570 affects the OpenClaude project. A logic flaw in the function bashToolHasPermission() (in src/tools/BashTool/bashPermissions.ts) causes an early exit with an allow decision when sandbox auto-allow is enabled and no explicit deny rule exists, bypassing the path constraint check (chec...

CVE-2026-35570

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in bashToolHasPermission inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is...

EUVD-2026-13326

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutab...

PT-2026-24209

Name of the Vulnerable Software and Affected Versions openclaw-core versions 0.3.x Description A critical deserialization issue exists in openclaw-core that allows arbitrary instruction injection through specially crafted system prompts. This affects all deployed instances. The issue requires...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the toolsBySender process when untyped sender keys are used. An attacker can gain unauthorized access to privileged group tool permissions by causing an...

PT-2026-41180

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description A flaw in the chat completion API allows users to bypass tool restrictions, potentially leading to unauthorized actions or access. In the '/api/chat/completions' endpoint, the tool ids and tool...

CVE-2001-0488

pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service...