2 matches found
CVE-2026-28395
OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl...
Flickr: Open Redirect
A misconfiguration of the routing system was at fault. A wildcard URL pattern existed with the intention to send visitors to a 404 page but this wasn't reliably working. Now when the wildcard handler catches a URL it redirects reliably to a dead end 404 page...