Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.6 views

CVE-2026-41386 OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope...

9.1CVSS5.2AI score0.00328EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.33 views

CVE-2026-41386 OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope...

9.1CVSS0.00328EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/03 3:19 a.m.6 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management via the pairing process. An attacker can gain elevated privileges by exploiting unbound bootstrap setup codes during device pairing. Remediation Upgrade...

8.6CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.8 views

PT-2026-35771

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description An issue exists where bootstrap setup codes are not bound to intended device roles and scopes during pairing. This allows attackers to escalate privileges beyond their intended role and scope...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References12
Rows per page
Query Builder