
8 matches found

RedhatCVE
added 2026/06/05 7:46 p.m., 11 views

CVE-2026-6011

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...

CVSS 8.1, AI score 5.2, EPSS 0.0042
Exploits: 1, References: 1

GitHub Security Blog
added 2026/04/10 6:31 a.m., 9 views

OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...

CVSS 8.1, AI score 5.2, EPSS 0.0042
Exploits: 1, References: 9, Affected Software: 1

NVD
added 2026/04/10 5:16 a.m., 4 views

CVE-2026-6011

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...

CVSS 8.1, EPSS 0.0042
Exploits: 1, References: 7

Positive Technologies
added 2026/04/10 12:0 a.m., 18 views

PT-2026-31871

Name of the Vulnerable Software and Affected Versions: OpenClaw versions through 2026.1.26

Description: A weakness exists in OpenClaw up to version 2026.1.26, specifically within the assertPublicHostname Handler functionality of the file src/agents/tools/web-fetch.ts. A manipulation can lead to...

CVSS 8.1, AI score 5.5, EPSS 0.0042
Exploits: 1, References: 12

CNVD
added 2026/02/11 12:0 a.m., 5 views

OpenClaw OS Command Injection Vulnerability

OpenClaw is an open-source intelligent artificial assistant. An operating system command injection vulnerability exists in OpenClaw versions prior to 2026.1.29. It stems from the sshNodeCommand function failing to properly filter special characters, commands, etc. when constructing commands. An...

CVSS 7.7, AI score 6.1, EPSS 0.00935
Exploits: 1, References: 1

CNVD
added 2026/02/05 12:0 a.m., 4 views

OpenClaw has an unspecified vulnerability

OpenClaw is an open-source intelligent artificial assistant. A security vulnerability exists in OpenClaw versions prior to 2026.1.29. It originates from automatically establishing a WebSocket connection and sending a token, and can be exploited by an attacker to cause an unauthorized...

CVSS 8.8, AI score 5.8, EPSS 0.08016
Exploits: 5, References: 1

NVD
added 2026/02/04 8:16 p.m., 8 views

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

CVSS 7.7, EPSS 0.00935
Exploits: 1, References: 1

CVE
added 2026/02/02 9:53 p.m., 18 views

CVE-2026-24763

OpenClaw/Docker sandbox: A command injection due to unsafe PATH handling when constructing shell commands. An authenticated user who can influence environment variables could execute commands inside the container context. This was fixed in version 2026.1.29 (prior to that, OpenClaw was vulnerable).

CVSS 8.8, AI score 5.7, EPSS 0.04773
Exploits: 1, References: 3, Affected Software: 1