
6 matches found

CVE
added 2026/03/05 9:59 p.m., 15 views

CVE-2026-28481

OpenClaw (npm package) up to version 2026.1.30 contains an information disclosure vulnerability in the MS Teams attachment downloader (extension must be enabled). When retrying downloads after 401/403 responses, the code may send Authorization: Bearer tokens to untrusted hosts that match a permis...

CVSS 7.5, AI score 5.9, EPSS 0.0026
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2026/02/19 2:38 a.m., 3 views

CVE-2026-25474 OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass

OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by ...

CVSS 7.5, AI score 5.6, EPSS 0.002
Exploits 1, References 6
RedhatCVE
added 2026/02/06 1:25 a.m., 4 views

CVE-2026-25475

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

CVSS 6.5, AI score 5.5, EPSS 0.00745
Exploits 1, References 1
ATTACKERKB
added 2026/02/04 7:55 p.m., 5 views

CVE-2026-25475

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

CVSS 6.5, AI score 5.5, EPSS 0.00745
Exploits 1, References 2, Affected Software 1
EUVD
added 2026/02/04 7:55 p.m., 7 views

EUVD-2026-5363

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

CVSS 6.5, AI score 5.5, EPSS 0.00745
Exploits 1, References 1
Positive Technologies
added 2026/02/04 12:0 a.m., 7 views

PT-2026-6291

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.1.30. Description: OpenClaw is a personal AI assistant. The isValidMedia function in src/media/parse.ts allows arbitrary file paths, including absolute paths, home directory paths, and directory traversal sequence...

CVSS 6.5, AI score 5.7, EPSS 0.00745
Exploits 1, References 12