Lucene search
K

5 matches found

EUVD
EUVD
added 2026/04/24 12:31 a.m.5 views

EUVD-2026-25334

OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the sessionstatus function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invocations. Attackers can invoke sessionstatus without sandbox constraints to bypass session-policy...

5.3CVSS5.8AI score0.00199EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/23 9:58 p.m.5 views

CVE-2026-41350 OpenClaw < 2026.3.31 - Session Visibility Bypass via session_status in Unsandboxed Invocations

OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the sessionstatus function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invocations. Attackers can invoke sessionstatus without sandbox constraints to bypass session-policy...

5.3CVSS5.2AI score0.00199EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 9:58 p.m.22 views

CVE-2026-41350

CVE-2026-41350 affects OpenClaw prior to 2026.3.31, where the session_status function fails to enforce tools.sessions.visibility restrictions for unsandboxed invocations. This allows attackers to invoke session_status without sandbox constraints, bypassing session-policy controls and accessing re...

5.3CVSS5.8AI score0.00199EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/07 6:11 p.m.2 views

GHSA-FWJQ-XWFJ-GV75 OpenClaw: `session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations

Summary sessionstatus still bypasses configured tools.sessions.visibility for unsandboxed invocations Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real on shipped v2026.3.22: non-sandboxed sessionstatus skipped the shared visibility guard, but this is a...

6.3CVSS5.8AI score0.00199EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/07 6:11 p.m.7 views

OpenClaw: `session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations

Summary sessionstatus still bypasses configured tools.sessions.visibility for unsandboxed invocations Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real on shipped v2026.3.22: non-sandboxed sessionstatus skipped the shared visibility guard, but this is a...

5.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder