6 matches found
OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-13430)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw is vulnerable to a data forgery issue. The vulnerability stems from unauthenticated TXT records in discovery beacons, where certain clients treat the TXT values as authoritative routing/fixed inputs. An attacker...
Improper Certificate Validation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Certificate Validation via unauthenticated TXT records in the discovery routing. An attacker can redirect client connections to attacker-controlled endpoints and potentially...
GHSA-PV58-549P-QH99 OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning
Summary Discovery beacons Bonjour/mDNS and DNS-SD include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. TXT records are unauthenticated. Prior to the fix, some clients treated TXT values as authoritative routing/pinning inputs: - iOS and macOS: used TXT-provided host...
PT-2026-20370
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description OpenClaw is a personal AI assistant that utilizes discovery beacons Bonjour/mDNS and DNS-SD which include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. These TXT...
UBUNTU-CVE-2019-12269
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text...
Punchbowl App Has Logic Design Flaws
Punching Assembly APP is a puzzle national quiz game app. A logic design vulnerability exists in Top Punch APP. The vulnerability is caused by the lack of authentication of the SMS interface at the registration account, which allows an attacker to consume server resources by sending unlimited...