Remote code execution in GitHub Copilot CLI versions prior to 1.0.43 allows attackers to execute arbitrary commands via malicious bare git repositories embedded in project directories. When the CLI agent performs routine git operations, git's automatic bare repository discovery triggers execution of commands specified in config keys like core.fsmonitor. Attackers can deliver the malicious repository through pull requests, compromised dependencies, or pre-existing cloned repositories. No public exploit identified at time of analysis, though the attack technique leverages well-documented git behavior. The vendor-released patch (version 1.0.43) sets safe.bareRepository=explicit to block automatic bare repository discovery.
Tor before version 0.4.9.7 mishandles memory accounting in the conflux out-of-order queue during queue clearing operations, leading to a denial-of-service condition through resource exhaustion. Unauthenticated remote attackers can exploit this via network-level packet manipulation to trigger improper queue state management, causing availability degradation on affected Tor relays and clients. The vulnerability has a low severity CVSS score (3.7) due to attack complexity and availability-only impact, with no confirmed active exploitation at time of analysis.
OpenStack Horizon 25.6 and 25.7 before 25.7.3 allows unauthenticated remote attackers to exhaust session storage backend resources through repeated requests that trigger write operations prior to authentication, causing denial of service. This is a regression of CVE-2014-8124 and is assigned CVSS 5.3 (network-based, low complexity, no authentication required).
Integer overflow in Little CMS (lcms2) version 2.18 and earlier allows local attackers to trigger a buffer overflow via CubeSize calculation in cmslut.c, where the overflow check occurs after rather than before multiplication. This can result in memory corruption leading to information disclosure or denial of service with low complexity requirements. No active exploitation in CISA KEV confirmed at time of analysis, but proof-of-concept technical details are publicly available.
OpenClaw before version 2026.3.22 suffers from an authorization bypass in its interactive callback dispatch mechanism that permits unauthenticated remote attackers to execute action handlers without sender allowlist validation. The vulnerability exploits a race condition or timing gap where callbacks are processed before security checks complete, enabling unauthorized state modification and availability impact. No public exploit code or active exploitation has been confirmed at time of analysis, but the low attack complexity and lack of authentication requirements make this a practical threat to exposed OpenClaw deployments.
Local denial of service in systemd 258 through 259 allows unprivileged users to trigger an assertion failure by interacting with service units configured with Delegate=yes and no explicit User setting, causing the systemd daemon to crash. The vulnerability requires local access and specific unit configuration but poses moderate risk to system availability with a CVSS score of 4.7 and no active exploitation currently identified.
OpenClaw before version 2026.3.25 processes JSON webhook request bodies before validating cryptographic signatures, allowing unauthenticated remote attackers to trigger denial of service by submitting malicious webhook payloads that force computationally expensive JSON parsing operations. The vulnerability exploits a logic-ordering defect where signature validation occurs after resource-intensive parsing, enabling attackers to exhaust server resources without valid credentials. No public exploit code has been identified at the time of analysis, though the attack requires only network access and is trivially exploitable.
OpenClaw before version 2026.3.22 performs cite expansion before completing channel and direct message authorization checks, allowing unauthenticated remote attackers to access or manipulate content prior to authorization validation. This timing vulnerability exposes information disclosure and potential content tampering risks due to premature processing of cite operations that bypass security boundaries.
Session isolation bypass in OpenClaw 2026.3.11 through 2026.3.24 allows authenticated attackers to access parent or sibling sessions, bypassing visibility restrictions. The vulnerability exploits session_status logic that resolves sessionId to canonical session keys before enforcing explicit sessionKey-based access controls, enabling sandboxed child sessions to read data from sessions they should not be able to access. No public exploit identified at time of analysis. Impacts confidentiality of session data across isolation boundaries in multi-tenant or sandboxed deployment scenarios.
OpenClaw before 2026.3.22 processes cryptographic operations on inbound Nostr direct messages prior to validating sender identity and pairing status, allowing unauthenticated remote attackers to trigger denial of service through resource exhaustion by sending crafted messages. CVSS 6.9 reflects moderate impact with low integrity and availability degradation; no public exploit code or active exploitation has been confirmed.