| 111 | 5.4 | MEDIUM Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stal… | New | CWE-862 Missing Authorization | CVE-2026-41382 | 2026-05-2 00:51 | 2026-04-29 |
| 112 | 5.4 | MEDIUM Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers ca… | New | CWE-863 Incorrect Authorization | CVE-2026-41381 | 2026-05-2 00:51 | 2026-04-29 |
| 113 | 7.3 | HIGH Local | openclaw | openclaw | OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targ… | New | CWE-807 Reliance on Untrusted Inputs in a Security Decision | CVE-2026-41380 | 2026-05-2 00:51 | 2026-04-29 |
| 114 | 7.1 | HIGH Network | openclaw | openclaw | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers w… | New | CWE-863 Incorrect Authorization | CVE-2026-41379 | 2026-05-2 00:51 | 2026-04-29 |
| 115 | 8.8 | HIGH Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attacker… | New | CWE-862 Missing Authorization | CVE-2026-41378 | 2026-05-2 00:51 | 2026-04-29 |
| 116 | 4.6 | MEDIUM Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install unt… | New | CWE-636 Not Failing Securely ('Failing Open') | CVE-2026-41377 | 2026-05-2 00:50 | 2026-04-29 |
| 117 | 6.5 | MEDIUM Network | openclaw | openclaw | OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root … | New | CWE-346 Origin Validation Error | CVE-2026-41376 | 2026-05-2 00:50 | 2026-04-29 |
| 118 | 6.5 | MEDIUM Network | openclaw | openclaw | OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels… | New | CWE-863 Incorrect Authorization | CVE-2026-41375 | 2026-05-2 00:47 | 2026-04-29 |
| 119 | 6.1 | MEDIUM Local | openclaw | openclaw | OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUI… | New | CWE-427 Uncontrolled Search Path Element | CVE-2026-41373 | 2026-05-2 00:46 | 2026-04-29 |
| 120 | - | | - | - | Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial … | New | - | CVE-2025-56568 | 2026-05-2 00:37 | 2026-05-1 |