Lucene search
K

4 matches found

CNVD
CNVD
added 2026/03/02 12:0 a.m.1 views

OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-13430)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw is vulnerable to a data forgery issue. The vulnerability stems from unauthenticated TXT records in discovery beacons, where certain clients treat the TXT values as authoritative routing/fixed inputs. An attacker...

7.1CVSS5.8AI score0.001EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/18 12:33 a.m.6 views

Improper Certificate Validation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Certificate Validation via unauthenticated TXT records in the discovery routing. An attacker can redirect client connections to attacker-controlled endpoints and potentially...

7.1CVSS5.7AI score0.001EPSS
Exploits0References2
OSV
OSV
added 2026/02/18 12:33 a.m.5 views

GHSA-PV58-549P-QH99 OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning

Summary Discovery beacons Bonjour/mDNS and DNS-SD include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. TXT records are unauthenticated. Prior to the fix, some clients treated TXT values as authoritative routing/pinning inputs: - iOS and macOS: used TXT-provided host...

7.1CVSS5.6AI score0.001EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.9 views

PT-2026-20370

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description OpenClaw is a personal AI assistant that utilizes discovery beacons Bonjour/mDNS and DNS-SD which include TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. These TXT...

7.1CVSS5.6AI score0.001EPSS
Exploits0References6
Rows per page
Query Builder