Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/05 1:35 p.m.10 views

UNIX Symbolic Link (Symlink) Following

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the repository path handling process. An attacker can access files outside the intended repository directory by submitting crafted symlink paths...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.5 views

CVE-2026-42434 OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

8.8CVSS6AI score0.00347EPSS
Exploits0References3
OSV
OSV
added 2026/04/17 10:18 p.m.4 views

GHSA-F7FH-QG34-X2XH OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

Summary CDP /json/version WebSocket URL could pivot to untrusted second-hop targets. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.5 Impact A browser profile could trust a CDP /json/version response whose webSocketDebuggerUrl pointed at a differen...

7.7CVSS5.7AI score0.00265EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/04/09 5:36 p.m.7 views

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +23 more potentially affected by CVE-2026-41911 via openclaw (>=2026.3.22 <=2026.4.5)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-41911 Source advisory: SNYK:JS-OPENCLAW-15989076...

6.5CVSS5.7AI score0.00326EPSS
Exploits0
Snyk
Snyk
added 2026/04/09 5:35 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through concurrent asynchronous authentication attempts. An attacker can exhaust system resources by racing the per-key rate-limit...

2.9CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder