Skip to main content
CVE-2026-7220 MEDIUM POC This Month

OS command injection in jackwrichards FastlyMCP allows remote unauthenticated attackers to execute arbitrary system commands via manipulation of the command argument in the fastly_cli Tool component. The vulnerability exists in fastly-mcp.mjs and has been disclosed publicly with exploit code available, though the project operates on a rolling release model with no versioned releases and has not yet responded to early disclosure notifications.

Command Injection Fastlymcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-7215 MEDIUM POC This Month

Remote command injection in egtai gmx-vmd-mcp through version 0.1.0 enables unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads into the structure_file or trajectory_file parameters of the VMD Launch Handler in mcp_server.py. A public proof-of-concept exploit exists (GitHub issue #2), significantly lowering the barrier to exploitation. The vendor has not responded to responsible disclosure attempts, leaving users without an official patch.

Command Injection Gmx Vmd Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-7237 MEDIUM POC PATCH This Month

Path traversal in AgiFlow scaffold-mcp's write-to-file tool allows remote unauthenticated attackers to read, write, or delete arbitrary files on the server by manipulating the file_path parameter. Versions up to 1.0.27 are affected. Public exploit code exists (GitHub issue #88), enabling attackers to bypass directory restrictions and access sensitive files or overwrite critical system files. CVSS 7.3 (High) with network attack vector and no authentication required. Vendor-released patch available in version 1.1.0 (commit c4d23592).

Path Traversal Scaffold Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-7234 MEDIUM POC This Month

Path traversal in browser-operator-core versions up to 0.6.0 allows remote unauthenticated attackers to read, write, and potentially delete arbitrary files on the server by manipulating the request.url parameter in the startsWith function of server.js. Publicly available exploit code exists (GitHub issue #96), enabling trivial exploitation with no user interaction. CVSS 7.3 reflects network-exploitable attack with low impact across confidentiality, integrity, and availability. No vendor response or patch released despite early responsible disclosure via issue report. This is a critical supply chain risk for any systems running the affected BrowserOperator component server.

Path Traversal Browser Operator Core
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7216 MEDIUM POC This Month

Path traversal in processing-claude-mcp-bridge's create_sketch tool allows remote unauthenticated attackers to read, write, or delete arbitrary files on the server by manipulating the sketch_name parameter in processing_server.py. Public exploit code exists via GitHub issue #1, enabling straightforward attacks against exposed instances. EPSS data not available, but CVSS 7.3 (High) with network vector and no authentication requirements indicates significant risk for internet-facing deployments. Project maintainer has not responded to vulnerability disclosure, leaving no vendor-confirmed patch timeline.

Path Traversal Processing Claude Mcp Bridge
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7213 MEDIUM POC This Month

Path traversal in ef10007 MLOps_MCP 1.0.0 allows remote unauthenticated attackers to write files to arbitrary filesystem locations via manipulation of the filename/destination argument in the save_file tool of fastmcp_server.py. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification, leaving affected deployments without an official patch.

Path Traversal Mlops Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7212 MEDIUM POC This Month

Path traversal in edvardlindelof notes-mcp up to version 0.1.4 allows remote unauthenticated attackers to read or manipulate files outside the intended directory by manipulating the root_dir or path arguments in notes_mcp.py. The vulnerability has a publicly available exploit and a CVSS score of 6.9, but the vendor has not responded to the early disclosure through issue tracking.

Path Traversal Notes Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7235 MEDIUM POC This Month

Path traversal vulnerability in ErlichLiu claude-agent-sdk-master allows remote unauthenticated attackers to read arbitrary files by manipulating the outputFile parameter in app/api/agent-output/route.ts. The vulnerability has a CVSS score of 5.3 (low integrity impact) and publicly available exploit code exists, though the project uses rolling releases and the maintainer has not yet responded to disclosure.

Path Traversal Claude Agent Sdk Master
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7221 MEDIUM POC PATCH This Month

Server-side request forgery (SSRF) in TencentCloudBase CloudBase-MCP through version 2.17.0 allows remote unauthenticated attackers to manipulate the open-url API endpoint by injecting arbitrary URLs via the req.body.url parameter, enabling attackers to make unauthorized requests from the server to internal or external resources. The vulnerability has publicly available exploit code and affects the openUrl function in mcp/src/interactive-server.ts. Vendor-released patch version 2.17.1 is available.

SSRF Cloudbase Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7217 MEDIUM POC This Month

Absolute path traversal in Deepractice PromptX up to version 2.4.0 allows remote unauthenticated attackers to read arbitrary files from the server by manipulating the path argument in document file handling functions (read_docx, read_xlsx, read_pptx, list_xlsx_sheets, read_pdf). Publicly available exploit code exists and the vendor has not responded to early disclosure, though CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) indicates moderate information disclosure risk with no integrity or availability impact.

Microsoft Path Traversal
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7214 MEDIUM POC This Month

Path traversal in eghuzefa engineer-your-data up to version 0.1.3 allows remote attackers to read, write, list, and obtain information about arbitrary files via manipulation of the WORKSPACE_PATH argument in the read_file, write_file, list_files, and file_inf functions within src/server.py. Publicly available exploit code exists, and the vendor has been notified but has not yet responded with a fix.

Path Traversal Engineer Your Data
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7223 MEDIUM POC This Month

Server-side request forgery (SSRF) in BigSweetPotatoStudio HyperChat up to version 2.0.0-alpha.63 allows remote unauthenticated attackers to manipulate the baseurl argument in the AI Proxy Middleware component, enabling arbitrary HTTP requests from the affected server. The vulnerability has a publicly available exploit and CVSS 6.9 score reflecting confidentiality, integrity, and availability impact at the network level with low complexity. The vendor has not responded to early disclosure notification through the project's GitHub issue tracker.

SSRF Hyperchat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7228 MEDIUM POC This Month

SQL injection in Pizzafy Ecommerce System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the ID parameter in the get_cart_count function at /admin/ajax.php. CVSS scores 7.3 (High) with network attack vector, low complexity, and no authentication required. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation. EPSS data not available, but the combination of public exploit, low attack complexity (AC:L), and no authentication (PR:N) indicates moderate-to-high real-world risk for internet-facing installations.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7227 MEDIUM POC This Month

SQL injection in Pizzafy Ecommerce System 1.0 allows remote unauthenticated attackers to compromise database confidentiality, integrity, and availability via the email parameter in the admin login function. The vulnerability exists in /admin/ajax.php?action=login and has a publicly available proof-of-concept exploit on GitHub. With CVSS 7.3 (High) and confirmed POC, this represents an immediate risk to internet-exposed admin panels, though no active exploitation has been confirmed by CISA KEV at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7226 MEDIUM POC This Month

SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows remote unauthenticated attackers to compromise database confidentiality, integrity, and availability through the login2 function. The vulnerability exists in /admin/ajax.php when processing the email parameter during administrative login, enabling attackers to bypass authentication, extract sensitive data, modify records, or disrupt service. A proof-of-concept exploit has been publicly released on GitHub, significantly lowering the barrier to exploitation. CVSS 7.3 (High) reflects network-accessible attack surface with no authentication required and low attack complexity.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7225 MEDIUM POC This Month

SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the ID parameter in the delete_menu function of /admin/ajax.php. Public exploit code is available on GitHub, enabling database extraction, authentication bypass, and potential administrative access. CVSS 7.3 reflects network-accessible attack with no authentication required, though actual exploitation targets the administrative backend endpoint.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7224 MEDIUM POC This Month

SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the ID parameter in /admin/ajax.php?action=delete_cart endpoint. Publicly available exploit code exists (GitHub POC), enabling immediate weaponization. CVSS 7.3 indicates network-based exploitation with no authentication barriers, granting partial confidentiality, integrity, and availability impact. Despite high CVSS and public POC, this affects a niche open-source e-commerce platform with limited deployment footprint.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7272 MEDIUM POC This Month

Path traversal in WilliamCloudQi matlab-mcp-server allows remote unauthenticated attackers to manipulate the scriptPath argument in the generate_matlab_code and execute_matlab_code functions, enabling unauthorized file system access with confidentiality and integrity impact. The vulnerability affects versions up to commit ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca, has publicly available exploit code, and the vendor has not yet responded to early disclosure notification.

Path Traversal Matlab Mcp Server
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5306 MEDIUM POC PATCH This Month

Stored XSS vulnerability in Check & Log Email WordPress plugin before version 2.0.13 allows authenticated users with low privileges to inject malicious scripts via improper email replacement handling when the email encoder setting is enabled. The vulnerability requires user interaction (UI:R) to execute, affecting confidentiality and integrity with cross-site scope. Publicly available exploit code exists but exploitation probability remains low (EPSS 0.05%, percentile 17%), indicating this is not a widely targeted vulnerability despite public awareness.

WordPress XSS
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-41400 MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 fails to properly validate WebSocket frame sizes in its voice-call component before processing, allowing remote unauthenticated attackers to send oversized frames that trigger excessive resource consumption and denial of service. This vulnerability represents an incomplete remediation of CVE-2026-32062, demonstrating that the original fix did not address the root validation sequencing issue.

Denial Of Service Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-41374 MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 performs Discord audio preflight transcription without validating member authorization, allowing unauthenticated remote attackers to trigger resource-intensive audio processing and cause denial of service through resource exhaustion.

Denial Of Service Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-41372 MEDIUM PATCH This Month

OpenClaw before version 2026.4.2 fails to normalize trailing-dot localhost hostnames in Chrome DevTools Protocol (CDP) discovery responses, allowing attackers to bypass loopback address protections. An unauthenticated remote attacker can craft malicious CDP discovery responses that return 'localhost.' (with trailing dot) instead of the standard 'localhost', causing the browser control mechanism to treat it as a different hostname and redirect authenticated browser sessions to attacker-controlled endpoints, potentially exposing sensitive browser state and authentication tokens.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-40550 MEDIUM Monitor

mpGabinet 23.12.19 and earlier suffers from privilege escalation due to excessive database privileges assigned to the application service account. An attacker with local access to extract database credentials from the application process memory gains administrative database access, enabling unauthorized actions beyond what the application interface permits. CVSS 6.9 indicates high confidentiality impact from local access without authentication; no active exploitation confirmed in CISA KEV at time of analysis.

Privilege Escalation Mpgabinet
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-0711 MEDIUM This Month

Command injection in EasyMesh APIs of Zyxel DX3300-T0 firmware through version 5.50(ABVY.7.1)C0 allows authenticated administrators with adjacent network access to execute arbitrary OS commands on the device. The vulnerability requires both administrator privileges and adjacent network positioning (AV:A), significantly limiting exposure to local network attackers rather than remote threat actors. CVSS 6.8 reflects high confidentiality, integrity, and availability impact but is constrained by elevated privilege and adjacency requirements.

Command Injection Zyxel Dx3300 T0 Firmware
NVD VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2026-5944 MEDIUM PATCH This Month

Unauthenticated network attackers can access an exposed API passthrough endpoint on TCP port 7373 in Cisco Intersight Device Connector for Nutanix Prism Central, enabling enumeration of cluster metadata and invocation of cluster maintenance workflows that may disrupt active workloads. The vulnerability stems from missing authentication controls on a network-accessible service endpoint and carries a CVSS 6.7 score reflecting high availability impact despite limited confidentiality and integrity exposure. No public exploit code or active exploitation has been confirmed, but the attack requires no special conditions beyond network access to the deployment environment.

Cisco Authentication Bypass
NVD VulDB
CVSS 4.0
6.7
EPSS
0.1%
CVE-2026-24204 MEDIUM This Month

NVIDIA Flare SDK is vulnerable to path traversal via improper input validation, allowing authenticated remote attackers to disclose sensitive information. The vulnerability affects all versions of the SDK and requires valid user credentials to exploit, making it a moderate-risk issue for organizations using Flare in multi-user environments. No public exploit code or active exploitation has been identified.

Information Disclosure Nvidia
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40980 MEDIUM PATCH This Month

Spring AI versions 1.0.0-1.0.5 and 1.1.0-1.1.4 are vulnerable to denial of service through uncontrolled resource consumption when processing maliciously crafted PDF files via the ForkPDFLayoutTextStripper component. Authenticated remote attackers can exhaust server memory and crash affected applications by uploading or processing specially designed PDFs. Vendor-released patches address the issue in versions 1.0.6 and 1.1.5.

Java Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6238 MEDIUM PATCH This Month

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

Buffer Overflow Glibc
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6706 MEDIUM This Month

Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request.

Authentication Bypass Hashicorp
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-30246 MEDIUM PATCH GHSA This Month

{ return utils.CopyString(c.Path()) }` References: - https://github.com/gofiber/fiber/blob/main/middleware/cache/config.go#L90-L92 - https://github.com/gofiber/fiber/blob/main/middleware/cache/cache_test.go#L599-L621 The existing test demonstrates that when handler output depends on query parameter `id`, a second request with a different query still returns the first cached response (cache hit), confirming query is not part of the default cache key. Minimal PoC: ```go package main import ( "log" "github.com/gofiber/fiber/v3" "github.com/gofiber/fiber/v3/middleware/cache" ) func main() { app := fiber.New() app.Use(cache.New()) // default config app.Get("/", func(c fiber.Ctx) error { return c.SendString(c.Query("id", "1")) }) log.Fatal(app.Listen(":3000")) } ``` Reproduction: 1. `GET /?id=1` - Cache miss - Response body: `1` 2. `GET /?id=2` - Cache hit - Response body: `1` (expected `2`) Local verification command used: ```bash go test ./middleware/cache -run Test_Cache_WithNoCacheRequestDirective -count=1 ``` Observed result: test passes, confirming this is current behavior. - Responses that should vary by query parameters can be mixed between requests. - In real deployments, this may leak or corrupt user/tenant-specific content if query parameters influence context or data selection. - This is deployment-dependent but security-relevant, and not safe-by-default for query-variant responses. - Change default cache key generation to include path + normalized query string (or canonicalized original URL). - Keep ability for custom key generators. - Add explicit documentation warning that path-only keying is unsafe for query-dependent responses.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41607 MEDIUM PATCH This Month

Out-of-bounds read in Apache Thrift C++ JSON deserialization allows remote attackers to leak sensitive information and trigger denial of service via malformed JSON payloads. Affects Apache Thrift versions prior to 0.23.0. The vulnerability has low exploitation probability (EPSS 0.02%) and is not currently listed in CISA KEV, suggesting limited real-world weaponization despite network-accessible attack vector.

Buffer Overflow Information Disclosure Node.js Apache Thrift
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41526 MEDIUM PATCH This Month

KDE KCoreAddons before version 6.25 contains an improper neutralization of special elements vulnerability in the KShell::quoteArgs() function that fails to safely escape metacharacters and control characters, allowing local attackers with user interaction to inject arbitrary shell commands or terminal control sequences when user input is passed to shell execution contexts. Applications using this method to quote arguments for security-critical operations are affected; exploitation requires local access and user interaction but can achieve arbitrary code execution with user privileges.

Code Injection Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41525 MEDIUM PATCH This Month

KDE Dolphin before 25.12.3 allows sandboxed applications (running under Flatpak or AppArmor confinement) to bypass sandbox restrictions and open arbitrary files outside their containment boundary through the FileManager1 D-Bus protocol implementation. An attacker controlling a sandboxed application can exploit this to access sensitive files or execute scripts with user interaction, circumventing the intended isolation model.

Information Disclosure Dolphin
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4805 MEDIUM This Month

Stored cross-site scripting (XSS) in the Woostify WordPress plugin through version 2.5.0 allows authenticated attackers with Contributor-level access and above to inject arbitrary JavaScript into pages via unsanitized href attributes in the bundled Lity.js lightbox library. The injected scripts execute in the browsers of any user visiting the compromised page, enabling account takeover, credential theft, and malware distribution. No public exploit code has been identified at the time of analysis, but the vulnerability requires only low complexity network access with authenticated credentials.

WordPress XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-6809 MEDIUM This Month

Stored Cross-Site Scripting in Social Post Embed plugin for WordPress up to version 2.0.1 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript into page content via the Threads embed handler due to insufficient input sanitization and output escaping. Injected scripts execute when any user views the affected page, enabling session hijacking, credential theft, or malware distribution from trusted WordPress sites. No public exploit code or active exploitation has been identified at the time of analysis.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-6551 MEDIUM This Month

Stored Cross-Site Scripting in Timeline Blocks for Gutenberg WordPress plugin through version 1.1.10 allows authenticated contributors and above to inject arbitrary JavaScript via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block, executing malicious scripts whenever any user views the affected page. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied block attributes. Exploitation requires WordPress contributor-level access or higher and affects all versions up to 1.1.10.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-6725 MEDIUM This Month

Stored cross-site scripting in WPC Smart Messages for WooCommerce plugin through version 4.2.8 allows authenticated attackers with contributor-level access to inject arbitrary JavaScript via the 'text' attribute of the wpcsm_text_rotator shortcode, resulting in execution whenever users view affected pages. The vulnerability stems from insufficient input sanitization and output escaping. No active exploitation confirmed; patch available in version 4.2.9.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-41403 MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer, allowing attackers to bypass the allowRemoteViewer access control restriction. Unauthenticated remote attackers can exploit this authentication bypass by sending specially crafted proxied requests that are incorrectly identified as local traffic, gaining unauthorized access to the diffs viewer functionality. The vulnerability requires network access and specific timing/proximity conditions (per CVSS AT:P vector), but once exploited results in confidentiality impact through unauthorized information disclosure.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-41913 MEDIUM PATCH This Month

OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended rate-limiting protections on Tailscale-capable paths.

Authentication Bypass Race Condition Openclaw
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-41407 MEDIUM PATCH This Month

OpenClaw before version 2026.4.2 leaks shared-secret length information through timing side-channel attacks in cryptographic comparison operations. The vulnerability stems from early length-mismatch checks in shared-secret comparison routines that violate constant-time security requirements, allowing remote attackers to measure timing differences and infer secret lengths without authentication. This weakens the cryptographic guarantees of the library's shared-secret handling.

Information Disclosure Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-41388 MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 allows remote attackers to bypass configuration revocation controls by restarting the application, which rehydrates revoked Tlon configuration settings from disk state due to improper handling of empty-array settings during startup migration. An attacker with network access and the ability to trigger application restarts can restore previously revoked authentication or authorization configurations without explicit re-enablement, potentially compromising intended security controls.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-24231 MEDIUM This Month

Server-side request forgery in NVIDIA NemoClaw's validateEndpointUrl() function allows local attackers with user interaction to supply crafted endpoint URLs targeting the 0.0.0.0/8 address range via blueprint configuration files or CLI flags, leading to information disclosure. The vulnerability affects all versions of NemoClaw and requires local access with user interaction to trigger, limiting exposure to systems where untrusted users can modify configuration or invoke CLI commands.

Information Disclosure SSRF Nvidia
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-41383 MEDIUM PATCH This Month

OpenClaw before version 2026.4.2 allows authenticated attackers to delete arbitrary remote directories during mirror mode synchronization operations by manipulating remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. An attacker with login credentials can craft malicious OpenShell config paths that cause the mirror sync function to delete unintended remote directory contents before replacing them with uploaded workspace data, resulting in data loss and potential service disruption.

Path Traversal Openclaw
NVD GitHub
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-37750 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-40979 MEDIUM PATCH This Month

Spring AI versions 1.0.0-1.0.5 and 1.1.0-1.1.4 expose ONNX machine learning models to unauthorized disclosure when the application runs in shared hosting environments, allowing local users with limited system access to read sensitive model files and potentially reverse-engineer proprietary ML logic. The vulnerability stems from insecure temporary file handling (CWE-377) that fails to restrict file permissions on extracted model artifacts. Authentication requirements are minimal-only local system access is needed-making this a significant risk in multi-tenant cloud platforms and shared servers.

Information Disclosure Java
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-41363 MEDIUM PATCH This Month

OpenClaw versions 2026.2.6 through 2026.3.24 allow authenticated remote attackers to read arbitrary files outside configured sandbox boundaries via path traversal in the Feishu extension's resolveUploadInput function during upload_image operations. The vulnerability bypasses file-system sandbox restrictions through improper path resolution, enabling confidentiality compromise of sensitive data accessible to the application process.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-42429 MEDIUM PATCH This Month

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway auth route to gain unauthorized write access to runtime operations.

Authentication Bypass Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-41911 MEDIUM PATCH This Month

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy.

Path Traversal Openclaw
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-41366 MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 allows authenticated attackers to read arbitrary host files through improper validation in the appendLocalMediaParentRoots function, enabling exfiltration of credentials and sensitive data. The vulnerability permits model-initiated file access by exploiting a self-whitelisting mechanism that fails to properly validate media parent directory paths. Authentication is required, but the flaw affects confidentiality with a CVSS score of 6.0.

Information Disclosure Openclaw
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-40966 MEDIUM PATCH This Month

Spring AI fails to properly isolate conversation contexts when user-supplied input is passed directly as conversationId to VectorStoreChatMemoryAdvisor, allowing remote unauthenticated attackers to inject filter logic that exfiltrates sensitive data from other users' chat histories, including secrets and credentials. Exploitation requires moderately complex attack construction (AC:H) but no user interaction, affecting only applications with the specific vulnerable configuration pattern.

Java Authentication Bypass
NVD
CVSS 3.1
5.9
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy