Search Results (481 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2026-34507 | Openclaw | Openclaw | 2026-05-29 | 5.4 Medium | OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have blocked. |
| CVE-2026-35674 | Openclaw | Openclaw | 2026-05-29 | 8.8 High | OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scope requirements, enabling unauthorized plugin, config, MCP, allowlist, and ACP mutations. |
| CVE-2026-35673 | Openclaw | Openclaw | 2026-05-29 | 6.5 Medium | OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect content that should remain protected. |
| CVE-2026-35630 | Openclaw | Openclaw | 2026-05-29 | 8.0 High | OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce the configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization. |
| CVE-2026-32906 | Openclaw | Openclaw | 2026-05-29 | 4.3 Medium | OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin actions outside operator configuration. |
| CVE-2026-32905 | Openclaw | Openclaw | 2026-05-29 | 8.3 High | OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll devices with operator/node capabilities, granting persistent credentials until manual removal. |
| CVE-2026-42437 | Openclaw | Openclaw | 2026-05-26 | 7.5 High | OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing the voice-call realtime WebSocket path. |
| CVE-2026-42432 | Openclaw | Openclaw | 2026-05-26 | 7.8 High | OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system. |
| CVE-2026-42429 | Openclaw | Openclaw | 2026-05-26 | 7.1 High | OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway auth route to gain unauthorized write access to runtime operations. |
| CVE-2026-41362 | Openclaw | Openclaw | 2026-05-26 | 4.3 Medium | OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism, which is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress legitimate events on different accounts by matching the event_name and message_id parameters. |
| CVE-2026-41300 | Openclaw | Openclaw | 2026-05-26 | 6.5 Medium | OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance. |
| CVE-2026-32896 | Openclaw | Openclaw | 2026-05-26 | 4.8 Medium | The BlueBubbles webhook handler in OpenClaw versions prior to 2026.2.21 contains a passwordless fallback authentication path that allows unauthenticated webhook events in certain reverse-proxy or local routing configurations. Attackers can bypass webhook authentication by exploiting the loopback/proxy heuristics to send unauthenticated webhook events to the BlueBubbles plugin. |
| CVE-2026-32067 | Openclaw | Openclaw | 2026-05-26 | 3.7 Low | OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for the direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically accepted in another account in multi-account deployments without explicit approval, bypassing authorization boundaries. |
| CVE-2026-32062 | Openclaw | Openclaw, Openclaw/voice-call, Voice-call | 2026-05-26 | 7.5 High | OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions 2026.2.21 up to, but not including, 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams. |
| CVE-2026-32022 | Openclaw | Openclaw | 2026-05-26 | 6.5 Medium | OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file access restrictions and read sensitive files such as .env from the working directory. |
| CVE-2026-28395 | Openclaw | Openclaw | 2026-05-26 | 6.5 Medium | OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability in the Chrome extension relay server (the extension must be installed and enabled) that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl is configured. Remote attackers can access relay HTTP endpoints off-host to leak service presence and port information, or conduct denial-of-service and brute-force attacks against the relay token header. |
| CVE-2026-22217 | Openclaw | Openclaw | 2026-05-26 | 6.1 Medium | OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable on systems with writable trusted-prefix directories such as /opt/homebrew/bin to execute arbitrary binaries in the OpenClaw process context. |
| CVE-2026-44992 | Openclaw | Openclaw | 2026-05-25 | 5.0 Medium | OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing a workspace dotenv file to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers. |
| CVE-2026-43568 | Openclaw | Openclaw | 2026-05-25 | 6.5 Medium | OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to escalate privileges. |
| CVE-2026-32846 | Openclaw | Openclaw | 2026-05-20 | 7.5 High | OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys. |