Monthly
Filesystem boundary bypass in OpenClaw before 2026.3.2 allows authenticated attackers to read arbitrary files by traversing sandbox bridge mounts outside the configured workspace, circumventing the tools.fs.workspaceOnly restriction. The vulnerability affects the image tool specifically and results in unauthorized information disclosure accessible via network with low complexity.
Remote code execution in Hashgraph Guardian ≤3.5.0 enables authenticated Standard Registry users to execute arbitrary JavaScript through unsandboxed Function() constructor in Custom Logic policy block worker. Attackers can import Node.js modules to read container files, extract environment credentials (RSA private keys, JWT signing keys, API tokens), and forge authentication tokens for privilege escalation to administrator access. Requires low-privilege authentication (PR:L). No public exploit identified at time of analysis.
Apache Airflow 3.0.0 through 3.1.8 discloses XCom result values to users with only DAG Run read permissions (such as Viewer role), violating the FAB RBAC model that treats XCom as a protected resource. This information disclosure affects authenticated users and allows them to access sensitive execution results they should not be able to view. The vulnerability is not confirmed as actively exploited, and a patch is available in Apache Airflow 3.2.0.
Electron's window.open() handler fails to properly scope named-window lookups to the opener's browsing context group, allowing a renderer to hijack an existing child window opened by a different renderer and potentially inherit elevated webPreferences including privileged preload scripts. This affects Electron versions before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, and poses a remote code execution risk only in applications that open multiple top-level windows with differing trust levels and grant child windows elevated permissions via setWindowOpenHandler. No public exploit identified at time of analysis.
SandboxJS versions 0.8.35 and below allow untrusted sandboxed code to leak internal interpreter scope objects through the `new` operator, exposing raw Prop wrappers that reference the host's global variable storage (scope.allVars). An attacker controlling code execution within the sandbox can extract this scope object and modify variables in the sandbox hierarchy, though prototype chain and code evaluation remain protected. Vendor-released patch available; no active KEV status or public exploit code confirmed.
Context isolation bypass in Electron applications enables privilege escalation when VideoFrame objects are bridged to the main world. Attackers with XSS capabilities can leverage improperly bridged WebCodecs API VideoFrame objects to escape the isolated context and access Node.js APIs exposed in preload scripts. CVSS 8.4 (High) with network attack vector requiring high complexity and user interaction. No public exploit identified at time of analysis, though proof-of-concept development is feasible given the detailed vendor disclosure.
Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.
Authorization bypass in OpenClaw gateway agent RPC enables authenticated operators with operator.write permission to escape workspace boundaries and execute arbitrary operations outside designated directories. Attackers supply malicious spawnedBy and workspaceDir parameters to perform file and exec operations from any process-accessible location. CVSS 8.7 reflects high confidentiality, integrity, and availability impact with network attack vector and low complexity. No public exploit identified at time of analysis, though EPSS data unavailable. VulnCheck identified this as an information disclosure vector affecting OpenClaw versions prior to 2026.3.11.
CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High severity vulnerability requiring prompt remediation. Vendor patch is available.
Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure.
Filesystem boundary bypass in OpenClaw before 2026.3.2 allows authenticated attackers to read arbitrary files by traversing sandbox bridge mounts outside the configured workspace, circumventing the tools.fs.workspaceOnly restriction. The vulnerability affects the image tool specifically and results in unauthorized information disclosure accessible via network with low complexity.
Remote code execution in Hashgraph Guardian ≤3.5.0 enables authenticated Standard Registry users to execute arbitrary JavaScript through unsandboxed Function() constructor in Custom Logic policy block worker. Attackers can import Node.js modules to read container files, extract environment credentials (RSA private keys, JWT signing keys, API tokens), and forge authentication tokens for privilege escalation to administrator access. Requires low-privilege authentication (PR:L). No public exploit identified at time of analysis.
Apache Airflow 3.0.0 through 3.1.8 discloses XCom result values to users with only DAG Run read permissions (such as Viewer role), violating the FAB RBAC model that treats XCom as a protected resource. This information disclosure affects authenticated users and allows them to access sensitive execution results they should not be able to view. The vulnerability is not confirmed as actively exploited, and a patch is available in Apache Airflow 3.2.0.
Electron's window.open() handler fails to properly scope named-window lookups to the opener's browsing context group, allowing a renderer to hijack an existing child window opened by a different renderer and potentially inherit elevated webPreferences including privileged preload scripts. This affects Electron versions before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, and poses a remote code execution risk only in applications that open multiple top-level windows with differing trust levels and grant child windows elevated permissions via setWindowOpenHandler. No public exploit identified at time of analysis.
SandboxJS versions 0.8.35 and below allow untrusted sandboxed code to leak internal interpreter scope objects through the `new` operator, exposing raw Prop wrappers that reference the host's global variable storage (scope.allVars). An attacker controlling code execution within the sandbox can extract this scope object and modify variables in the sandbox hierarchy, though prototype chain and code evaluation remain protected. Vendor-released patch available; no active KEV status or public exploit code confirmed.
Context isolation bypass in Electron applications enables privilege escalation when VideoFrame objects are bridged to the main world. Attackers with XSS capabilities can leverage improperly bridged WebCodecs API VideoFrame objects to escape the isolated context and access Node.js APIs exposed in preload scripts. CVSS 8.4 (High) with network attack vector requiring high complexity and user interaction. No public exploit identified at time of analysis, though proof-of-concept development is feasible given the detailed vendor disclosure.
Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.
Authorization bypass in OpenClaw gateway agent RPC enables authenticated operators with operator.write permission to escape workspace boundaries and execute arbitrary operations outside designated directories. Attackers supply malicious spawnedBy and workspaceDir parameters to perform file and exec operations from any process-accessible location. CVSS 8.7 reflects high confidentiality, integrity, and availability impact with network attack vector and low complexity. No public exploit identified at time of analysis, though EPSS data unavailable. VulnCheck identified this as an information disclosure vector affecting OpenClaw versions prior to 2026.3.11.
CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High severity vulnerability requiring prompt remediation. Vendor patch is available.
Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure.