Monthly
Sender policy bypass in OpenClaw's BlueBubbles integration before version 2026.5.7 allows low-privileged conversation participants to impersonate allowlisted senders by manipulating conversation-level metadata rather than being validated against stable sender identity. An attacker who is already a participant in a conversation can craft or influence mutable conversation identifiers to match configured allowlist entries, causing the agent to respond to them as if they were an authorized sender and circumventing access controls. No public exploit code or active exploitation has been identified at time of analysis; the low CVSS score (2.3) and high attack complexity reflect real-world constraints.
Vivo PcSuite's connection confirmation pop-up - a security gate that prompts users to authorize PC-to-device connections - can be bypassed by an adjacent unauthenticated attacker, rooted in CWE-807 (Reliance on Untrusted Inputs in a Security Decision). All versions of PcSuite are listed as affected per the wildcard CPE (cpe:2.3:a:vivo:pcsuite:*:*:*:*:*:*:*:*), and the attack requires only adjacent network positioning with no privileges or user interaction. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, keeping real-world urgency moderate.
Remote code execution as root in Remote Spark SparkView before build 1122 allows network attackers to bypass local connection authentication checks and execute arbitrary commands with maximum privileges. CVSS 4.0 assigns the maximum 10.0 score with network vector, low complexity, and no authentication required (AV:N/AC:L/PR:N). The vendor description explicitly warns that depending on implementation, unauthenticated attackers can exploit this flaw. EPSS and KEV data not provided, but the combination of trivial exploitation conditions and root-level impact makes this critical for any organization running affected SparkView builds.
Transport-state spoofing in Bandit 1.0.0 through 1.10.x allows unauthenticated remote attackers to forge HTTPS connections over plaintext HTTP by supplying a malicious URI scheme in HTTP/1.1 absolute-form request targets or HTTP/2 :scheme pseudo-headers. The vulnerable determine_scheme/2 function returns client-supplied scheme values verbatim, causing downstream Plug middlewares to make incorrect security decisions: Plug.SSL skips HTTP→HTTPS redirects, secure cookies are transmitted unencrypted, and CSRF/SameSite protections may be bypassed. CVSS 6.3 (network-accessible, low complexity). Vendor patch available (version 1.11.0+).
OpenClaw before version 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer, allowing attackers to bypass the allowRemoteViewer access control restriction. Unauthenticated remote attackers can exploit this authentication bypass by sending specially crafted proxied requests that are incorrectly identified as local traffic, gaining unauthorized access to the diffs viewer functionality. The vulnerability requires network access and specific timing/proximity conditions (per CVSS AT:P vector), but once exploited results in confidentiality impact through unauthorized information disclosure.
Privilege escalation in OpenClaw before 2026.3.28 allows local authenticated attackers to bypass execution allowlist controls via wrapper binary persistence. When users grant trust to wrapped commands (e.g., via /usr/bin/script), OpenClaw fails to distinguish the wrapper from the underlying executable, allowing attackers to reuse the wrapper's persistent trust to execute arbitrary unauthorized programs. No active exploitation confirmed (CISA KEV: not listed), but VulnCheck has published technical advisory details. EPSS data not available.
Execution approval bypass in OpenClaw before 2026.3.28 allows local authenticated users with standard privileges to establish overly broad executable allowlist entries through wrapper carrier exploitation. Attackers leverage positional routing in dispatch wrappers to trust carrier executables instead of their invoked targets, escalating from limited execution approval to arbitrary code execution with high confidentiality and integrity impact. Vendor-released patch version 2026.3.28 addresses the flaw (GHSA-p4x4-2r7f-wjxg). No evidence of active exploitation or public POC identified at time of analysis.
Information disclosure in Canon production printers and office/small office multifunction printers allows authenticated administrators to access sensitive device information through crafted requests to the browser-based remote management interface. The vulnerability affects multiple printer models and requires high-privilege administrative access; no active exploitation has been confirmed at time of analysis, though the remote network vector and low attack complexity indicate practical exploitability by privileged internal users.
Authorization bypass in OpenClaw's chat.send gateway allows authenticated operator clients to spoof ACP (Access Control Provider) identity labels and inject reserved provenance metadata by manipulating WebSocket handshake client metadata. Attackers with low-privilege operator credentials can bypass intended privilege boundaries to impersonate the ACP bridge, achieving high integrity impact through unauthorized modification of chat message provenance. EPSS probability is low (0.05%, 15th percentile) and CISA SSVC indicates no active exploitation, non-automatable attacks, and partial technical impact. Vendor patch available as of version 2026.3.28.
Windows Boot Loader accepts untrusted inputs for security decisions, allowing authorized local attackers to bypass security features with high confidentiality, integrity, and availability impact. This authentication bypass vulnerability (CVSS 6.7) affects Windows 10 versions 1607, 1809, 21H2, and 22H2, as well as Windows Server 2016, 2019, and 2022. Microsoft has released patches addressing the root cause of reliance on untrusted security-critical inputs.
Sender policy bypass in OpenClaw's BlueBubbles integration before version 2026.5.7 allows low-privileged conversation participants to impersonate allowlisted senders by manipulating conversation-level metadata rather than being validated against stable sender identity. An attacker who is already a participant in a conversation can craft or influence mutable conversation identifiers to match configured allowlist entries, causing the agent to respond to them as if they were an authorized sender and circumventing access controls. No public exploit code or active exploitation has been identified at time of analysis; the low CVSS score (2.3) and high attack complexity reflect real-world constraints.
Vivo PcSuite's connection confirmation pop-up - a security gate that prompts users to authorize PC-to-device connections - can be bypassed by an adjacent unauthenticated attacker, rooted in CWE-807 (Reliance on Untrusted Inputs in a Security Decision). All versions of PcSuite are listed as affected per the wildcard CPE (cpe:2.3:a:vivo:pcsuite:*:*:*:*:*:*:*:*), and the attack requires only adjacent network positioning with no privileges or user interaction. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, keeping real-world urgency moderate.
Remote code execution as root in Remote Spark SparkView before build 1122 allows network attackers to bypass local connection authentication checks and execute arbitrary commands with maximum privileges. CVSS 4.0 assigns the maximum 10.0 score with network vector, low complexity, and no authentication required (AV:N/AC:L/PR:N). The vendor description explicitly warns that depending on implementation, unauthenticated attackers can exploit this flaw. EPSS and KEV data not provided, but the combination of trivial exploitation conditions and root-level impact makes this critical for any organization running affected SparkView builds.
Transport-state spoofing in Bandit 1.0.0 through 1.10.x allows unauthenticated remote attackers to forge HTTPS connections over plaintext HTTP by supplying a malicious URI scheme in HTTP/1.1 absolute-form request targets or HTTP/2 :scheme pseudo-headers. The vulnerable determine_scheme/2 function returns client-supplied scheme values verbatim, causing downstream Plug middlewares to make incorrect security decisions: Plug.SSL skips HTTP→HTTPS redirects, secure cookies are transmitted unencrypted, and CSRF/SameSite protections may be bypassed. CVSS 6.3 (network-accessible, low complexity). Vendor patch available (version 1.11.0+).
OpenClaw before version 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer, allowing attackers to bypass the allowRemoteViewer access control restriction. Unauthenticated remote attackers can exploit this authentication bypass by sending specially crafted proxied requests that are incorrectly identified as local traffic, gaining unauthorized access to the diffs viewer functionality. The vulnerability requires network access and specific timing/proximity conditions (per CVSS AT:P vector), but once exploited results in confidentiality impact through unauthorized information disclosure.
Privilege escalation in OpenClaw before 2026.3.28 allows local authenticated attackers to bypass execution allowlist controls via wrapper binary persistence. When users grant trust to wrapped commands (e.g., via /usr/bin/script), OpenClaw fails to distinguish the wrapper from the underlying executable, allowing attackers to reuse the wrapper's persistent trust to execute arbitrary unauthorized programs. No active exploitation confirmed (CISA KEV: not listed), but VulnCheck has published technical advisory details. EPSS data not available.
Execution approval bypass in OpenClaw before 2026.3.28 allows local authenticated users with standard privileges to establish overly broad executable allowlist entries through wrapper carrier exploitation. Attackers leverage positional routing in dispatch wrappers to trust carrier executables instead of their invoked targets, escalating from limited execution approval to arbitrary code execution with high confidentiality and integrity impact. Vendor-released patch version 2026.3.28 addresses the flaw (GHSA-p4x4-2r7f-wjxg). No evidence of active exploitation or public POC identified at time of analysis.
Information disclosure in Canon production printers and office/small office multifunction printers allows authenticated administrators to access sensitive device information through crafted requests to the browser-based remote management interface. The vulnerability affects multiple printer models and requires high-privilege administrative access; no active exploitation has been confirmed at time of analysis, though the remote network vector and low attack complexity indicate practical exploitability by privileged internal users.
Authorization bypass in OpenClaw's chat.send gateway allows authenticated operator clients to spoof ACP (Access Control Provider) identity labels and inject reserved provenance metadata by manipulating WebSocket handshake client metadata. Attackers with low-privilege operator credentials can bypass intended privilege boundaries to impersonate the ACP bridge, achieving high integrity impact through unauthorized modification of chat message provenance. EPSS probability is low (0.05%, 15th percentile) and CISA SSVC indicates no active exploitation, non-automatable attacks, and partial technical impact. Vendor patch available as of version 2026.3.28.
Windows Boot Loader accepts untrusted inputs for security decisions, allowing authorized local attackers to bypass security features with high confidentiality, integrity, and availability impact. This authentication bypass vulnerability (CVSS 6.7) affects Windows 10 versions 1607, 1809, 21H2, and 22H2, as well as Windows Server 2016, 2019, and 2022. Microsoft has released patches addressing the root cause of reliance on untrusted security-critical inputs.