Lucene search
K

144 matches found

Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.3 views

PT-2026-31773

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw contains a privilege escalation issue in the Control UI. Unauthenticated sessions can retain self-declared privileged scopes without device identity verification. Attackers can exploit...

8.8CVSS5.9AI score0.00288EPSS
Exploits0References9
NVD
NVD
added 2026/04/08 7:25 p.m.9 views

CVE-2026-34720

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

4.3CVSS0.001EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 6:11 p.m.3 views

CVE-2026-34720 Zammad has an origin validation error in SSO mechanism

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

2.3CVSS5.9AI score0.001EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:11 p.m.1 views

EUVD-2026-20560

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

2.3CVSS5.9AI score0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 6:11 p.m.18 views

CVE-2026-34720 Zammad has an origin validation error in SSO mechanism

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

2.3CVSS0.001EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 6:11 p.m.11 views

CVE-2026-34720

CVE-2026-34720 affects the Zammad web-based helpdesk system. Prior to versions 7.0.1 and 6.5.4, the SSO mechanism did not verify that the header originated from a trusted SSO proxy/gateway before applying subsequent actions, representing an origin-validation weakness. The issue is fixed in 7.0.1 ...

4.3CVSS5.9AI score0.001EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.8 views

PT-2026-31417

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

2.3CVSS5.9AI score0.001EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/03 3:5 a.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the authentication process when using trusted-proxy authentication mode. An attacker can gain elevated privileges by exploiting incomplete scope-clearing,...

8.8CVSS5.9AI score0.0034EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:5 a.m.7 views

OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode

Summary Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode Current Maintainer Triage - Normalized severity: high - Assessment: v2026.3.28 still misses trusted-proxy scope clearing for non-Control-UI clients, so self-declared operator scopes can survive on a...

8.8CVSS5.9AI score0.0034EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/03 3:5 a.m.2 views

GHSA-G374-MGGX-P6XC OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode

Summary Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode Current Maintainer Triage - Normalized severity: high - Assessment: v2026.3.28 still misses trusted-proxy scope clearing for non-Control-UI clients, so self-declared operator scopes can survive on a...

8.6CVSS5.9AI score0.0034EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/03 2:55 a.m.8 views

OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode

Summary HTTP operator endpoints lack browser-origin validation in trusted-proxy mode Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: This is a real trusted-proxy HTTP CSRF or browser-origin gap in released tags, but it is not critical because it depends on...

7.1CVSS5.9AI score0.00112EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/04/03 2:55 a.m.1 views

Cross-site Request Forgery (CSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the HTTP operator endpoints when running in trusted-proxy mode, as browser-origin validation is not enforced. An attacker can perform unauthorized actio...

7.1CVSS5.9AI score0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 2:55 a.m.3 views

GHSA-MHR7-2XMV-4C4Q OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode

Summary HTTP operator endpoints lack browser-origin validation in trusted-proxy mode Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: This is a real trusted-proxy HTTP CSRF or browser-origin gap in released tags, but it is not critical because it depends on...

7.1CVSS5.9AI score0.00112EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/26 7:50 p.m.1 views

Reliance on Untrusted Inputs in a Security Decision

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision in the trusted-proxy Control UI session handling process. An attacker can retain privileged scopes without device identity by accessing...

8.8CVSS5.9AI score0.00288EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/26 7:50 p.m.6 views

OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths

Summary Trusted-proxy Control UI sessions without device identity could retain self-declared privileged scopes on the device-less allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

5.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/26 7:50 p.m.4 views

GHSA-48VW-M3QC-WR99 OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths

Summary Trusted-proxy Control UI sessions without device identity could retain self-declared privileged scopes on the device-less allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-32057

OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui...

8.1CVSS5.9AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.4 views

CVE-2026-32302

OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted rever...

8.1CVSS5.8AI score0.00153EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.8 views

Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvgp-4c28-m3jm. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI...

8.1CVSS5.9AI score0.00335EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/21 3:31 a.m.7 views

GHSA-XH9J-MPC9-2M9P Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvgp-4c28-m3jm. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI...

6CVSS5.9AI score0.00335EPSS
Exploits0References4
Rows per page
Query Builder