
36 matches found

RedhatCVE
added 2026/03/26 3:02 p.m. | 5 views

CVE-2026-32051

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 1
EUVD
added 2026/03/21 3:31 a.m. | 6 views

EUVD-2026-13949

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/21 12:42 a.m. | 5 views

CVE-2026-32051

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/21 12:42 a.m. | 5 views

CVE-2026-32051 OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 2
CNNVD
added 2026/03/21 12:00 a.m. | 10 views

OpenClaw security vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated caller with operator.write scope to invoke the owner-only tool interface...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/21 12:00 a.m. | 5 views

PT-2026-26733

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.1 Description An authorization mismatch exists that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces, including gateway and cron, through agent runs in scoped-token...

CVSS 8.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 9
Github Security Blog
added 2026/03/13 3:48 p.m. | 7 views

OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`

Summary In affected versions of openclaw, a gateway caller with operator.write could issue agent requests containing /new or /reset and reach the same reset path used by the admin-only sessions.reset RPC. Impact On gateways where a caller is intentionally granted operator.write but not...

AI score 5.8
Exploits: 0 | References: 3 | Affected software: 1
RedhatCVE
added 2026/03/07 1:44 a.m. | 4 views

CVE-2026-28473

OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway...

CVSS 8.1 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 1
EUVD
added 2026/03/05 9:59 p.m. | 7 views

EUVD-2026-9919

OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway...

CVSS 9.8 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/05 9:59 p.m. | 3 views

CVE-2026-28473 OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command

OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway...

CVSS 8.1 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 3
CNNVD
added 2026/03/05 12:00 a.m. | 8 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.2 had security vulnerabilities. These vulnerabilities stemmed from an authorization bypass issue. Clients with access to the operator.write scope could approve or reject approval requests by sending...

CVSS 8.1 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 3
Snyk
added 2026/03/02 9:59 p.m. | 4 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization through an authorization mismatch in the agent. An attacker can perform privileged control-plane actions beyond their intended write scope by invoking owner-only too...

CVSS 8.8 | AI score 6 | EPSS 0.00412
Exploits: 0 | References: 3
Github Security Blog
added 2026/03/02 9:59 p.m. | 8 views

OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools

Summary An authorization mismatch allowed authenticated callers with operator.write access to invoke owner-only tool surfaces gateway, cron through agent runs in scoped-token deployments. Impact On affected deployments, write-scoped callers could perform control-plane actions beyond intended writ...

AI score 5.9
Exploits: 0 | References: 2 | Affected software: 1
Snyk
added 2026/02/17 9:39 p.m. | 3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the /approve command. An attacker can gain unauthorized approval or denial of pending execution requests by sending specially crafted chat messages through a...

CVSS 7.3 | AI score 5.9
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2023-55486

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 5.5 | EPSS 0.00389
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 2:49 a.m. | 6 views

CVE-2023-50713

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Toke...

CVSS 6.5 | AI score 7.1 | EPSS 0.00389
Exploits: 0 | References: 1