Skip to main content
CVE-2026-42422 HIGH PATCH This Week

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-41649 HIGH PATCH This Week

Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both `collectionId` and `documentId` are provided in the request, the authorization logic only checks access to the collection, completely ignoring the document. This allows an authenticated attacker to generate a valid public share link for any document on the platform, including documents belonging to other workspaces. The full document contents can then be retrieved via the `documents.info` endpoint. Version 1.7.0 contains a patch.

Authentication Bypass Outline
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-41397 HIGH PATCH GHSA This Week

Sandbox escape in OpenClaw file synchronization before version 2026.3.31 enables remote authenticated attackers to read and write arbitrary files outside intended boundaries via crafted symlinks during mirror sync operations. The vulnerability exploits CWE-59 (Improper Link Resolution Before File Access) with attack complexity rated High and requires low privileges, indicating targeted exploitation scenarios. Vendor patches available via GitHub commits c02ee8a and 3b9dab0, with CVSS 7.6 reflecting high confidentiality and integrity impact but no availability impact. No active exploitation or public POC identified at time of analysis beyond vendor disclosure.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
7.6
EPSS
0.1%
CVE-2026-42431 HIGH PATCH This Week

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.0%
CVE-2026-40355 HIGH PATCH This Week

Remote denial of service in MIT Kerberos 5 (krb5) before 1.22.3 lets an unauthenticated attacker crash any GSS-API acceptor that has a NegoEx mechanism registered in /etc/gss/mech. Sending a malformed NegoEx token to an application that calls gss_accept_sec_context() triggers a NULL pointer dereference in parse_nego_message, terminating the process (CWE-476). No public exploit identified at time of analysis; EPSS is low (0.07%) and CISA SSVC lists exploitation as proof-of-concept only, with technical impact rated partial and not automatable.

Null Pointer Dereference Denial Of Service Kerberos 5
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-40356 HIGH PATCH This Week

Remote denial of service in MIT Kerberos 5 (krb5) before 1.22.3 allows an unauthenticated network attacker to crash any application that calls gss_accept_sec_context() on a host where a NegoEx mechanism is registered in /etc/gss/mech. A crafted NegoEx token triggers an integer underflow leading to an out-of-bounds read in parse_message(), terminating the GSS-API acceptor process. No public exploit is identified at time of analysis, EPSS risk is low (0.07%), and CISA SSVC scores exploitation as 'none'.

Buffer Overflow Integer Overflow Kerberos 5
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-7343 HIGH PATCH This Week

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Microsoft Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3323 HIGH This Week

Remote unauthenticated access to sensitive data in VEGA VEGAPULS 6X Two-Wire industrial sensors exposes hashed credentials and access codes via unsecured configuration interface. Network-accessible interface (AV:N/AC:L/PR:N/UI:N) allows attackers to extract authentication materials without any prerequisites, enabling credential cracking and potential lateral movement in industrial networks. EPSS and KEV data not available; CERTVDE advisory confirms vulnerability in Ethernet-APL enabled industrial level measurement devices running PROFINET, Modbus TCP, and OPC UA protocols. No public exploit identified at time of analysis, though exploitation trivial due to lack of authentication requirement.

Authentication Bypass Vegapuls 6X Two Wire Profinet Modbus Tcp Opc Ua Ethernet Apl
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7320 HIGH PATCH This Week

Information disclosure in Mozilla Firefox, Firefox ESR 140, and Firefox ESR 115 allows remote unauthenticated attackers to extract sensitive data via incorrect boundary conditions in the Audio/Video component. The vulnerability permits network-based exploitation with low complexity and no user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N), enabling unauthorized access to high-confidentiality information. Mozilla released patches in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1 (confirmed by vendor advisories MFSA2026-35/36/37). SSVC indicates automatable exploitation with partial technical impact, though no public exploit or active exploitation is identified at time of analysis.

Buffer Overflow Information Disclosure Mozilla
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40975 HIGH PATCH This Week

{random.value}` property placeholder are generated with a non-cryptographic pseudo-random number generator, making them unsuitable for use as secrets such as passwords, tokens, or keys. The numeric `${random.int}` and `${random.long}` placeholders are even weaker, drawing from a small predictable range, while `${random.uuid}` is explicitly unaffected. There is no public exploit identified at time of analysis (SSVC exploitation: none; EPSS 0.03%), so the practical risk depends entirely on whether a given deployment actually used these placeholders to seed real secrets.

Information Disclosure Java Spring Boot
NVD HeroDevs VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-41602 HIGH PATCH GHSA This Week

Integer overflow in Apache Thrift's Go TFramedTransport implementation allows remote unauthenticated attackers to crash server processes via specially crafted uint32 values. Affects all Thrift versions prior to 0.23.0 with EPSS score of 0.02% (low exploitation probability). This is one of six related vulnerabilities disclosed simultaneously affecting different Thrift language bindings (Go, Swift, Java, c_glib), indicating coordinated security audit findings. Vendor patch available in version 0.23.0 released April 2026.

Denial Of Service Integer Overflow Java Apache Thrift
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42428 HIGH PATCH This Week

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-48431 HIGH PATCH This Week

Remote unauthenticated denial of service in Apache Thrift c_glib language bindings (versions before 0.23.0) allows attackers to crash Thrift servers via specially crafted requests triggering 'free(): invalid pointer' fatal errors. CVSS 7.5 (HIGH) with network vector and low complexity. EPSS score is only 0.02% (4th percentile), indicating very low real-world exploitation probability despite theoretical severity. No active exploitation confirmed (not in CISA KEV); no public POC identified at time of analysis. Vendor-released patch: Apache Thrift 0.23.0.

Denial Of Service Apache Apache Thrift
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7357 HIGH PATCH This Week

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7338 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7349 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-67223 HIGH This Week

Unauthenticated remote attackers can access sensitive documents containing personally identifiable information (PII) in Aranda Service Desk versions prior to 8.3.12 by exploiting predictable log file names in the Aranda File Server (AFS) component. Attackers retrieve daily activity logs from a publicly accessible directory to obtain direct virtual paths of uploaded files, then bypass access controls to download the documents. CISA SSVC framework confirms proof-of-concept code exists and the vulnerability is fully automatable, significantly lowering the barrier to exploitation despite no confirmed active exploitation at time of analysis.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-7289 HIGH This Week

Remote authenticated attackers can execute arbitrary code on D-Link DIR-825M routers (firmware 1.1.12) by sending specially crafted requests to the /boafrm/formWanConfigSetup endpoint with malicious submit-url parameters, triggering a buffer overflow in function sub_414BA8. Public proof-of-concept exploit code exists on GitHub (Kiciot/cve#3), significantly lowering exploitation barriers. While requiring authentication (PR:L), the network attack vector (AV:N) and low complexity (AC:L) enable remote compromise of affected devices with potential for complete device control (VC:H/VI:H/VA:H). No CISA KEV listing or EPSS data available at time of analysis.

Buffer Overflow D-Link
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7288 HIGH This Week

Buffer overflow in D-Link DIR-825M 1.1.12 router allows authenticated remote attackers to achieve high-severity code execution via crafted submit-url parameter in VPN configuration interface. Public exploit code exists (CVSS 4.0 E:P) with technical details disclosed on GitHub, enabling remote compromise of router administrative functions by low-privileged authenticated users. CVSS 7.4 HIGH severity with network attack vector and low complexity indicates significant risk for internet-facing devices with default or weak credentials.

Buffer Overflow D-Link
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-41603 HIGH PATCH This Week

Apache Thrift Java TSSLTransportFactory fails to verify server hostnames in TLS connections, enabling man-in-the-middle attacks against versions prior to 0.23.0. This CWE-297 (improper certificate validation) vulnerability allows network attackers with high complexity positioning to intercept and modify encrypted communications without authentication. EPSS exploitation probability is low (0.01%, 1st percentile), with no KEV listing or public exploit code identified at time of analysis. Vendor patch available in Thrift 0.23.0.

Denial Of Service Java Apache Thrift
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-7247 HIGH This Week

Buffer overflow in D-Link DI-8100 router firmware 16.07.26A1 allows authenticated administrators to execute arbitrary code remotely via crafted file extension names. The vulnerability affects the file_exten.asp File Extension Handler component, with a publicly available exploit (E:P in CVSS vector). While requiring high-privilege access (PR:H), successful exploitation grants complete system control (VC:H/VI:H/VA:H), and the attack complexity is low (AC:L). No CISA KEV listing indicates targeted rather than widespread exploitation despite public POC availability.

Buffer Overflow D-Link
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-7322 HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

Buffer Overflow Mozilla RCE
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-7324 HIGH PATCH This Week

Multiple memory corruption vulnerabilities in Firefox 150.0.0 and Thunderbird 150.0.0 enable remote code execution through memory safety bugs. Mozilla's security advisory confirms these flaws could allow arbitrary code execution with sufficient exploit development. No active exploitation confirmed at time of analysis, but SSVC framework rates this as automatable with partial technical impact. Vendor-released patch available in Firefox 150.0.1.

Buffer Overflow Mozilla RCE
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-7323 HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Firefox ESR 140.10.1.

Buffer Overflow Memory Corruption Mozilla RCE
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-5435 HIGH PATCH This Week

Out-of-bounds write in GNU C Library 2.2+ allows remote unauthenticated attackers to corrupt memory and potentially execute arbitrary code through specially crafted TSIG DNS records processed by deprecated ns_printrrf, ns_printrr, or fp_nquery functions. While these functions are deprecated, any application still using them for DNS record printing remains vulnerable to network-based attacks with low complexity and no authentication barriers. No public exploit identified at time of analysis, but the deprecated status suggests limited real-world exposure despite the network attack vector.

Buffer Overflow Memory Corruption Glibc
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-42432 HIGH PATCH GHSA This Week

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system.

Authentication Bypass Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-41605 HIGH PATCH This Week

Integer overflow in Apache Thrift Swift Compact Protocol implementation versions prior to 0.23.0 enables remote unauthenticated attackers to achieve partial confidentiality, integrity, and availability impact. This is one of six related vulnerabilities disclosed simultaneously affecting multiple Apache Thrift language implementations (Swift, Node.js, C++, c_glib, Go). EPSS score of 0.02% (5th percentile) indicates low current exploitation probability, with no active exploitation confirmed by CISA KEV at time of analysis. Vendor-released patch version 0.23.0 addresses this and related Thrift implementation flaws.

Node.js Integer Overflow Denial Of Service Apache Thrift
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-1460 HIGH This Week

Command injection in Zyxel DX3301-T0 and EX3301-T0 routers allows authenticated administrators to execute arbitrary OS commands by injecting malicious input into the DomainName parameter of DHCP configuration. Affects firmware versions through 5.50(ABVY.7.1)C0. Vendor Zyxel has published a security advisory with remediation guidance. EPSS data not available; no public exploit identified at time of analysis. While CVSS score is 7.2 (High), practical risk is constrained by requirement for admin-level authentication, limiting exposure to credential compromise or malicious insider scenarios.

Command Injection Zyxel Dx3301 T0 Firmware Ex3301 T0 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-41364 HIGH PATCH This Week

Remote authenticated attackers can overwrite arbitrary files on OpenClaw servers by uploading malicious tar archives containing symbolic links to the SSH sandbox feature. The vulnerability allows escaping sandbox restrictions to modify critical system files, enabling potential remote code execution or denial of service. Affects OpenClaw versions before 2026.3.31. No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE.

Information Disclosure Openclaw
NVD GitHub
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-42510 HIGH PATCH This Week

Command injection via ipmitool in OpenStack Ironic through 25.0.0 allows authenticated operators with high privileges to trigger ipmitool execution when a console interface is configured in a non-default deployment, leading to high impact on confidentiality, integrity, and availability of the bare-metal provisioning node. No public exploit identified at time of analysis, EPSS is very low (0.07%, 20th percentile), and SSVC indicates no observed exploitation, consistent with a niche operator-level flaw rather than mass-scanning risk.

Information Disclosure Ironic
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-41375 HIGH PATCH This Week

Authorization bypass in OpenClaw phone channel endpoints allows authenticated low-privilege users to arm or disarm phone-based alarm channels without required administrative rights. Versions prior to 2026.3.28 fail to validate operator.admin scope for /phone arm and /phone disarm API endpoints when accessed through external channels (CWE-863). Patch released via GitHub commit aa66ae1fc, with CVSS 7.1 reflecting network-accessible integrity impact requiring only low-privilege authentication. No active exploitation confirmed (not in CISA KEV); exploit development straightforward given simple API authorization flaw.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-41370 HIGH PATCH This Week

Path traversal in OpenClaw's ACP dispatch mechanism allows authenticated remote attackers to read arbitrary files outside intended directories by manipulating inbound channel attachment paths. Attackers can bypass both attachment-cache and root directory security checks to access sensitive system files. Upstream fix available via GitHub commit 566fb73d9d, with versions prior to 2026.3.31 confirmed vulnerable. No CISA KEV listing at time of analysis, indicating targeted rather than widespread exploitation.

Path Traversal Openclaw
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-41369 HIGH PATCH This Week

Environment variable injection in OpenClaw (pre-2026.3.31) allows authenticated remote attackers to compromise host execution integrity by injecting malicious variables that override package managers, Docker registries, compiler paths, and TLS configurations during host exec operations. The vulnerability exhibits high confidentiality impact (CVSS:4.0 VC:H) with network attack vector and low complexity (AV:N/AC:L), requiring only low-privilege authentication (PR:L). VulnCheck disclosure indicates this affects Docker-related operations, with fixes available via GitHub commit eb8de67 and tracked under GHSA-cg7q-fg22-4g98. EPSS and KEV data not available at time of analysis.

Docker Information Disclosure
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-41368 HIGH PATCH This Week

Environment variable disclosure in OpenClaw jq safe-bin policy allows authenticated remote attackers to extract sensitive credentials and configuration data. The vulnerability stems from incomplete filter blocking in jq program execution - specifically, the $ENV filter can bypass safe-bin restrictions to read process environment variables. Versions prior to 2026.3.28 are affected. No CISA KEV listing or public POC identified at time of analysis, but disclosure by VulnCheck indicates vendor-confirmed issue with available patch.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-41385 HIGH PATCH This Week

Plaintext private key storage in OpenClaw versions before 2026.3.31 exposes Nostr protocol signing keys through configuration retrieval methods. Authenticated attackers with network access can exploit redaction bypass in config.get methods to extract unencrypted private keys, enabling full impersonation of the compromised Nostr identity for signing and authentication operations. Vendor patch available via GitHub commit 57700d716f660591fb6e09727f3ca8041fa48b9d. EPSS and KEV data not available, but the authentication bypass tag and network attack vector indicate elevated risk for multi-tenant or shared OpenClaw deployments.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-41379 HIGH PATCH This Week

Privilege escalation in OpenClaw versions prior to 2026.3.28 enables authenticated operators with write permissions to modify administrator-only voice configuration settings through the chat.send endpoint. This vulnerability allows low-privileged operator accounts to manipulate sensitive Talk Voice configuration persistence, bypassing intended role-based access controls. A vendor-released patch is available via commit e34694733fc64931ed4a543c73d84ad3435d5df1. EPSS data unavailable; no CISA KEV listing or public exploit code identified at time of analysis, though the targeted nature (authenticated internal operators) suggests lower mass-exploitation risk than the CVSS 7.1 score might imply.

Authentication Bypass Privilege Escalation Openclaw
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-41380 HIGH PATCH GHSA This Week

Execution approval bypass in OpenClaw before 2026.3.28 allows local authenticated users with standard privileges to establish overly broad executable allowlist entries through wrapper carrier exploitation. Attackers leverage positional routing in dispatch wrappers to trust carrier executables instead of their invoked targets, escalating from limited execution approval to arbitrary code execution with high confidentiality and integrity impact. Vendor-released patch version 2026.3.28 addresses the flaw (GHSA-p4x4-2r7f-wjxg). No evidence of active exploitation or public POC identified at time of analysis.

Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-41390 HIGH PATCH GHSA This Week

Privilege escalation in OpenClaw before 2026.3.28 allows local authenticated attackers to bypass execution allowlist controls via wrapper binary persistence. When users grant trust to wrapped commands (e.g., via /usr/bin/script), OpenClaw fails to distinguish the wrapper from the underlying executable, allowing attackers to reuse the wrapper's persistent trust to execute arbitrary unauthorized programs. No active exploitation confirmed (CISA KEV: not listed), but VulnCheck has published technical advisory details. EPSS data not available.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-40973 HIGH PATCH GHSA This Week

Local privilege escalation and session hijacking in Spring Boot allows attackers with local access to hijack authenticated sessions or execute arbitrary code by taking control of the ApplicationTemp directory. The vulnerability affects Spring Boot versions 2.7.0 through 4.0.5 when server.servlet.session.persistent is enabled, requiring attack persistence across application restarts. VMware has released patches for all supported branches (4.0.6, 3.5.14, 3.4.16, 3.3.19, 2.7.33), though unsupported versions remain vulnerable. No active exploitation confirmed at time of analysis.

Information Disclosure Java Red Hat
NVD HeroDevs VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-41400 MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 fails to properly validate WebSocket frame sizes in its voice-call component before processing, allowing remote unauthenticated attackers to send oversized frames that trigger excessive resource consumption and denial of service. This vulnerability represents an incomplete remediation of CVE-2026-32062, demonstrating that the original fix did not address the root validation sequencing issue.

Denial Of Service Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-41374 MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 performs Discord audio preflight transcription without validating member authorization, allowing unauthenticated remote attackers to trigger resource-intensive audio processing and cause denial of service through resource exhaustion.

Denial Of Service Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-41372 MEDIUM PATCH This Month

OpenClaw before version 2026.4.2 fails to normalize trailing-dot localhost hostnames in Chrome DevTools Protocol (CDP) discovery responses, allowing attackers to bypass loopback address protections. An unauthenticated remote attacker can craft malicious CDP discovery responses that return 'localhost.' (with trailing dot) instead of the standard 'localhost', causing the browser control mechanism to treat it as a different hostname and redirect authenticated browser sessions to attacker-controlled endpoints, potentially exposing sensitive browser state and authentication tokens.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-7292 LOW POC Monitor

Improper authorization in o2oa up to version 10.0 allows remote attackers to bypass authentication via the syncFile function in NodeAgent.java, leading to unauthorized access to file operations. The vulnerability requires high attack complexity and has publicly available exploit code, though no active exploitation in the wild has been confirmed at this time.

Java Authentication Bypass
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-40550 MEDIUM Monitor

mpGabinet 23.12.19 and earlier suffers from privilege escalation due to excessive database privileges assigned to the application service account. An attacker with local access to extract database credentials from the application process memory gains administrative database access, enabling unauthorized actions beyond what the application interface permits. CVSS 6.9 indicates high confidentiality impact from local access without authentication; no active exploitation confirmed in CISA KEV at time of analysis.

Privilege Escalation Mpgabinet
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-0711 MEDIUM This Month

Command injection in EasyMesh APIs of Zyxel DX3300-T0 firmware through version 5.50(ABVY.7.1)C0 allows authenticated administrators with adjacent network access to execute arbitrary OS commands on the device. The vulnerability requires both administrator privileges and adjacent network positioning (AV:A), significantly limiting exposure to local network attackers rather than remote threat actors. CVSS 6.8 reflects high confidentiality, integrity, and availability impact but is constrained by elevated privilege and adjacency requirements.

Command Injection Zyxel Dx3300 T0 Firmware
NVD VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2026-5944 MEDIUM PATCH This Month

Unauthenticated network attackers can access an exposed API passthrough endpoint on TCP port 7373 in Cisco Intersight Device Connector for Nutanix Prism Central, enabling enumeration of cluster metadata and invocation of cluster maintenance workflows that may disrupt active workloads. The vulnerability stems from missing authentication controls on a network-accessible service endpoint and carries a CVSS 6.7 score reflecting high availability impact despite limited confidentiality and integrity exposure. No public exploit code or active exploitation has been confirmed, but the attack requires no special conditions beyond network access to the deployment environment.

Cisco Authentication Bypass
NVD VulDB
CVSS 4.0
6.7
EPSS
0.1%
CVE-2026-24204 MEDIUM This Month

NVIDIA Flare SDK is vulnerable to path traversal via improper input validation, allowing authenticated remote attackers to disclose sensitive information. The vulnerability affects all versions of the SDK and requires valid user credentials to exploit, making it a moderate-risk issue for organizations using Flare in multi-user environments. No public exploit code or active exploitation has been identified.

Information Disclosure Nvidia
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40980 MEDIUM PATCH This Month

Spring AI versions 1.0.0-1.0.5 and 1.1.0-1.1.4 are vulnerable to denial of service through uncontrolled resource consumption when processing maliciously crafted PDF files via the ForkPDFLayoutTextStripper component. Authenticated remote attackers can exhaust server memory and crash affected applications by uploading or processing specially designed PDFs. Vendor-released patches address the issue in versions 1.0.6 and 1.1.5.

Java Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6238 MEDIUM PATCH This Month

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

Buffer Overflow Glibc
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6706 MEDIUM This Month

Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request.

Authentication Bypass Hashicorp
NVD
CVSS 3.1
6.5
EPSS
0.0%
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy