Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5270 matches found

Vulnrichment
Vulnrichmentadded 2026/04/28 6:10 p.m.1 views

CVE-2026-42421 OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rotation

OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token...

5.4CVSS5.2AI score0.00186EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/28 6:10 p.m.26 views

CVE-2026-42421 OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rotation

OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token...

5.4CVSS0.00186EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/28 6:10 p.m.1 views

EUVD-2026-26124

OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token...

5.4CVSS5.2AI score0.00186EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/28 6:10 p.m.2 views

CVE-2026-42421

OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token...

5.4CVSS5.2AI score0.00186EPSS
Exploits0References4
CVE
CVEadded 2026/04/28 6:9 p.m.4 views

CVE-2026-41400

OpenClaw (voice-call component) before 2026.3.31 is affected by an incomplete fix for CVE-2026-32062: the voice-call module parses oversized WebSocket frames before start validation, allowing remote attackers to cause resource consumption and denial of service. Affected package: openclaw and @ope...

7.5CVSS5.2AI score0.00532EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/28 6:9 p.m.2 views

CVE-2026-41400 OpenClaw < 2026.3.31 - Resource Consumption via Oversized WebSocket Frames in voice-call

OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service...

6.9CVSS5.2AI score0.00532EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/28 6:9 p.m.2 views

CVE-2026-41400

OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service...

8.7CVSS5.2AI score0.00532EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/28 6:9 p.m.28 views

CVE-2026-41400 OpenClaw < 2026.3.31 - Resource Consumption via Oversized WebSocket Frames in voice-call

OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service...

6.9CVSS0.00532EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/28 6:9 p.m.5 views

EUVD-2026-26108

OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service...

8.7CVSS5.2AI score0.00532EPSS
Exploits0References3
CVE
CVEadded 2026/04/28 6:9 p.m.5 views

CVE-2026-41399

OpenClaw before 2026.3.28 allows unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget Allocation, enabling unauthenticated attackers to exhaust socket and worker capacity and disrupt WebSocket availability for legitimate clients. The issue is tracked as CVE-20...

8.7CVSS5.2AI score0.00318EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/28 6:9 p.m.0 views

CVE-2026-41399

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...

8.7CVSS5.2AI score0.00318EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/28 6:9 p.m.31 views

CVE-2026-41399 OpenClaw < 2026.3.28 - Denial of Service via Unbounded Pre-auth WebSocket Upgrades

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...

8.7CVSS0.00318EPSS
Exploits0References2
EUVD
EUVDadded 2026/04/28 6:9 p.m.1 views

EUVD-2026-26107

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...

8.7CVSS5.2AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/04/28 12:0 a.m.6 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from accepting unlimited concurrent unauthenticated WebSocket upgrades, which could allow unauthenticated...

8.7CVSS5.8AI score0.00318EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/04/28 12:0 a.m.5 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities were due to incomplete fixes to CVE-2026-32062, which could allow remote attackers to send excessively large pre-boo...

7.5CVSS5.8AI score0.00532EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/04/28 12:0 a.m.5 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 had code vulnerabilities. These vulnerabilities stemmed from session management issues. Existing WebSocket sessions continued to exist after the shared gateway token rotation,...

5.4CVSS5.9AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/28 12:0 a.m.0 views

PT-2026-35800

OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token...

5.4CVSS5.2AI score0.00186EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/04/28 12:0 a.m.2 views

PT-2026-35784

OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service...

8.7CVSS5.2AI score0.00532EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/04/28 12:0 a.m.2 views

PT-2026-35783

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description OpenClaw accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. This allows unauthenticated network attackers to exhaust socket and worker...

8.7CVSS5.8AI score0.00318EPSS
Exploits0References6
GithubExploit
GithubExploitadded 2026/04/25 4:50 p.m.99 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — Marimo Pre-Auth RCE For educational and...

9.8CVSS8AI score0.95645EPSS
Exploits11
Rows per page
Query Builder