144 matches found
PT-2026-31773
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw contains a privilege escalation issue in the Control UI. Unauthenticated sessions can retain self-declared privileged scopes without device identity verification. Attackers can exploit...
CVE-2026-34720
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...
CVE-2026-34720 Zammad has an origin validation error in SSO mechanism
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...
EUVD-2026-20560
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...
CVE-2026-34720 Zammad has an origin validation error in SSO mechanism
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...
CVE-2026-34720
CVE-2026-34720 affects the Zammad web-based helpdesk system. Prior to versions 7.0.1 and 6.5.4, the SSO mechanism did not verify that the header originated from a trusted SSO proxy/gateway before applying subsequent actions, representing an origin-validation weakness. The issue is fixed in 7.0.1 ...
PT-2026-31417
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the authentication process when using trusted-proxy authentication mode. An attacker can gain elevated privileges by exploiting incomplete scope-clearing,...
OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode
Summary Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode Current Maintainer Triage - Normalized severity: high - Assessment: v2026.3.28 still misses trusted-proxy scope clearing for non-Control-UI clients, so self-declared operator scopes can survive on a...
GHSA-G374-MGGX-P6XC OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode
Summary Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode Current Maintainer Triage - Normalized severity: high - Assessment: v2026.3.28 still misses trusted-proxy scope clearing for non-Control-UI clients, so self-declared operator scopes can survive on a...
OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode
Summary HTTP operator endpoints lack browser-origin validation in trusted-proxy mode Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: This is a real trusted-proxy HTTP CSRF or browser-origin gap in released tags, but it is not critical because it depends on...
Cross-site Request Forgery (CSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the HTTP operator endpoints when running in trusted-proxy mode, as browser-origin validation is not enforced. An attacker can perform unauthorized actio...
GHSA-MHR7-2XMV-4C4Q OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode
Summary HTTP operator endpoints lack browser-origin validation in trusted-proxy mode Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: This is a real trusted-proxy HTTP CSRF or browser-origin gap in released tags, but it is not critical because it depends on...
Reliance on Untrusted Inputs in a Security Decision
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision in the trusted-proxy Control UI session handling process. An attacker can retain privileged scopes without device identity by accessing...
OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths
Summary Trusted-proxy Control UI sessions without device identity could retain self-declared privileged scopes on the device-less allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
GHSA-48VW-M3QC-WR99 OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths
Summary Trusted-proxy Control UI sessions without device identity could retain self-declared privileged scopes on the device-less allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
CVE-2026-32057
OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui...
CVE-2026-32302
OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted rever...
Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvgp-4c28-m3jm. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI...
GHSA-XH9J-MPC9-2M9P Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvgp-4c28-m3jm. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI...