Privilege Escalation

This vulnerability affects all Kirby sites where users have the permission to create pages (`pages.create` permission is enabled) but not the permission to change the status of pages (`pages.changeStatus` permission is disabled). This can be due to configuration in the user blueprint(s), via `options` in the page blueprint(s) or via a combination of both settings. Users' Kirby sites are *not* affected if their use case does not consider the creation of published pages a malicious action. The vulnerability can only be exploited by authenticated users. ---- An authorization bypass allows authenticated users to perform actions they should not be allowed to perform based on their configured permissions, thereby causing a privilege escalation. The effects of an authorization bypass can include unauthorized access to sensitive information as well as unauthorized changes to content or system information. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint (`site/blueprints/users/...`). It is also possible to customize the permissions for each target model in the model blueprints (such as in `site/blueprints/pages/...`) using the `options` feature. The permissions and options together control the authorization of user actions. For pages, Kirby provides the `pages.create` and `pages.changeStatus` permissions (among others). In affected releases, Kirby checked these permissions independently and only for the respective action. However the `changeStatus` permission didn't take effect on page creation. New pages are created as drafts by default and need to be published by changing the page status of an existing page draft. This is ensured when the page is created via the Kirby Panel. However the REST API allows to override the `isDraft` flag when creating a new page. This allowed authenticated attackers with the `pages.create` permission to immediately create published pages, bypassing the normal editorial workflow. The problem has been patched in [Kirby 4.9.0](https://github.com/getkirby/kirby/releases/tag/4.9.0) and [Kirby 5.4.0](https://github.com/getkirby/kirby/releases/tag/5.4.0). Please update to one of these or a [later version](https://github.com/getkirby/kirby/releases) to fix the vulnerability. In all of the mentioned releases, Kirby has added a check to the page creation rules that ensures that users without the `pages.changeStatus` permission cannot create published pages, only page drafts. Kirby thanks @offset for responsibly reporting the identified issue.

{ const session = validateSession(req, res); // only checks token validity if (!session) return; const { error } = changePassword(req.body.password); // no isAdmin() check ``` **`packages/sync-server/src/accounts/password.js:113-125`** - `changePassword()` updates the hash with no current-password confirmation: ```js export function changePassword(newPassword) { accountDb.mutate("UPDATE auth SET extra_data = ? WHERE method = 'password'", [hashed]); } ``` **`packages/sync-server/src/accounts/password.js:56-62`** - `loginWithPassword()` always authenticates as the user with `user_name = ''`, which is created by the multiuser migration with `role = 'ADMIN'`: ```js const sessionRow = accountDb.first( 'SELECT * FROM sessions WHERE auth_method = ?', ['password'] ); ``` **`packages/sync-server/src/account-db.js:56-63`** - a client can force the `password` login method regardless of server configuration by sending `loginMethod` in the request body: ```js if (req.body.loginMethod && config.get('allowedLoginMethods').includes(req.body.loginMethod)) { return req.body.loginMethod; } ``` When a server is migrated from password → OpenID via `enableOpenID()`, the password row is set to `active = 0` but **never deleted**, leaving it available for exploitation. --- **Prerequisites:** Server originally bootstrapped with password auth, then switched to OpenID. Default `allowedLoginMethods` configuration (includes `password`). Attacker has any valid OpenID session token (any role). ```bash curl -s -X POST https://<host>/account/change-password \ -H "Content-Type: application/json" \ -H "X-Actual-Token: <any_valid_session_token>" \ -d '{"password": "attacker123"}' curl -s -X POST https://<host>/account/login \ -H "Content-Type: application/json" \ -d '{"loginMethod": "password", "password": "attacker123"}' ``` The returned token belongs to the `user_name = ''` admin account (created by `1719409568000-multiuser.js`). Verify admin access: ```bash curl -s https://<host>/account/validate \ -H "X-Actual-Token: <admin_token>" ``` --- **Privilege escalation** - any authenticated user can gain full `ADMIN` access on affected deployments. An ADMIN can manage all users, access all budget files regardless of ownership, modify file access controls, and change server configuration. Affected deployments: multi-user servers running OpenID Connect that were previously configured with password authentication. Servers bootstrapped exclusively with OpenID from initial setup are not affected (no password row exists in the `auth` table). --- **1. Restrict `POST /account/change-password` to password-authenticated sessions only** (`packages/sync-server/src/app-account.js`) The endpoint should reject requests from sessions that were authenticated via OpenID. The active auth method can be checked against the session's `auth_method` field or by querying the `auth` table for the currently active method. If the server is running in OpenID mode, this endpoint should return `403 Forbidden`. **2. Require current-password confirmation before accepting a new password** (`packages/sync-server/src/accounts/password.js`) `changePassword()` should accept the current password as a parameter and verify it against the stored hash before applying the update. This prevents any session (even a legitimate password session) from silently overwriting the credential without proving possession of the existing one. **3. Enforce `active` status and remove client control over login method selection** (`packages/sync-server/src/account-db.js` - `getLoginMethod()`) Two issues exist in `getLoginMethod()`: (a) a client can supply `loginMethod` in the request body to select any method listed in `allowedLoginMethods`, regardless of whether it is currently active on the server; (b) the function does not check the `active` column, so an administratively disabled method (e.g. `password` after migrating to OpenID) remains accessible. The fix is to determine the permitted method server-side from `WHERE active = 1` in the `auth` table and ignore any client-supplied `loginMethod` override entirely. Servers intentionally running both methods simultaneously can be supported by allowing multiple `active = 1` rows rather than relying on client input. **4. Immediate mitigation for existing deployments (OpenID-only servers)** Administrators who have fully migrated to OpenID and do not need password auth can remove the orphaned row: ```sql DELETE FROM auth WHERE method = 'password'; ``` Missing authorization on POST /change-password - allows overwriting a password hash, but only matters if there is an orphaned row to target. Orphaned password row persisting after migration - provides the target row, but is harmless without the ability to authenticate using it. Client-controlled loginMethod: "password" - allows forcing password-based auth, but is useless without a known hash established by step 1. All three must be chained in sequence to achieve the impact. No single weakness independently results in privilege escalation, which under CVE CNA rule 4.1.2 means they should not each be treated as standalone vulnerabilities. The single root cause is the missing authorization check on /change-password; the other two are preconditions that make it exploitable. A single CVE reflecting that root cause is the appropriate representation - splitting them would falsely imply each carries independent risk.

Command injection in Paperclip @paperclipai/server (versions <2026.416.0) allows authenticated agents to execute arbitrary OS commands on the server host. Attackers with Agent API credentials can escalate from agent runtime to full server host control by injecting malicious shell commands through the adapterConfig.workspaceStrategy.provisionCommand field during workspace provisioning. CVSS 8.8 (high) with network-accessible attack vector and low complexity. Vendor patch available in version 2026.416.0. No public exploit or CISA KEV listing identified at time of analysis, but the vulnerability breaks critical trust boundaries in multi-agent AI orchestration systems.

Improper privilege management in IBM Guardium Key Lifecycle Manager versions 4.1 through 5.1 allows remote unauthenticated attackers to achieve limited confidentiality and integrity compromise through a network attack requiring high complexity. The vulnerability stems from inadequate access control enforcement that permits elevation of privileges without authentication, affecting a widely deployed enterprise key management solution.

Identity spoofing in IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.4 allows authenticated attackers with low privileges to impersonate other users and escalate privileges when applications are deployed without proper authentication and authorization controls. The vulnerability requires high attack complexity and low-privilege credentials, but enables complete compromise of confidentiality, integrity, and availability within the application scope. CVSS 7.5 (High) reflects the significant impact once exploitation conditions are met. No public exploit identified at time of analysis, and vendor patch is available per IBM advisory.

SQL injection in NocoBase plugin-collection-sql allows authenticated users with collection management permissions to bypass validation controls and execute arbitrary SQL queries. The checkSQL() function blocks dangerous keywords on collection creation and execution but is completely absent from the update endpoint, enabling attackers to create benign SQL collections then modify them with malicious queries to exfiltrate sensitive data including user credentials. Vendor patch available via GitHub PR #9134 and commit 851aee5. CVSS 7.2 reflects high privileges required (PR:H), but real-world impact is severe for environments where collection managers are not fully trusted administrators.

Remote code execution and full account takeover in CI4MS (CodeIgniter 4 CMS/ERP) allows authenticated high-privilege users to escalate to superadmin and compromise all accounts via stored DOM XSS in backup module filename fields. Attackers craft malicious SQL backup files containing hidden JavaScript payloads that execute when administrators view backup listings. Vendor-released patch available in version 0.31.5.0, addressing XSS via output escaping in DataTables rendering. No CISA KEV listing or public POC identified at time of analysis, but CVSS 9.1 Critical reflects scope change and multi-stage exploitation potential.

Privilege escalation to root in uutils coreutils chroot utility allows low-privileged local attackers with write access to the chroot target directory to execute arbitrary code via malicious NSS module injection. The vulnerability triggers when --userspec option causes getpwnam() to load attacker-controlled shared libraries from the new root before dropping privileges, enabling container escape or full system compromise on glibc-based systems. CVSS 7.8 with Scope Changed indicates host compromise from containerized environments. SSVC framework confirms POC availability and total technical impact, though exploitation requires specific configuration (writable NEWROOT) and is not automatable.

Privilege escalation in uutils coreutils mkfifo utility allows local attackers with low privileges to manipulate file permissions on arbitrary system files. A TOCTOU race condition between FIFO creation and permission setting enables symlink swapping attacks, redirecting chmod operations to unintended targets. SSVC framework indicates proof-of-concept exists with total technical impact. While CVSS rates this 7.0 (High), exploitation requires high attack complexity (race condition timing), low privileges, and write access to the parent directory where mkfifo is executed - most impactful when the utility runs with elevated privileges in automated scripts or system processes. No active exploitation confirmed (not in CISA KEV); EPSS data not available.

OpenRemote Manager allows privilege escalation to Keycloak master realm administrator through improper authorization in the Manager API. Users with write:admin permission in any non-master realm can manipulate realm role assignments in other realms, including master, by exploiting missing authorization checks in the updateUserRealmRoles endpoint. An attacker controlling any user in the master realm can grant themselves admin privileges, achieving full Keycloak administrator access. Vendor-released patch version 1.22.1 addresses this vulnerability. No public exploit code identified at time of analysis, though a detailed proof-of-concept is documented in the advisory.

Local privilege escalation in PackageKit 1.0.2-1.3.4 allows unprivileged Linux users to install arbitrary RPM packages as root without authentication via TOCTOU race condition on transaction flags. The vulnerability exploits three synchronized bugs in the transaction state machine: unconditional flag overwrite, silent state-transition rejection that leaves corrupted flags, and late flag validation at dispatch time. Actively exploited in targeted attacks according to vendor advisory. CVSS 8.8 with scope change reflects full system compromise from low-privileged account. Patched in version 1.3.5.

Local privilege escalation in pcvisit Remote Host Modul on Windows allows low-privileged users to gain NT AUTHORITY\SYSTEM by overwriting the service binary with malicious code that executes automatically at boot. All versions after 22.6.22.1329 through 25.12.3.1745 are affected due to weak file permissions (CWE-276). Vendor patched in version 25.12.3.1745 per advisory. EPSS and KEV status unknown, but vulnerability is trivial to exploit (CVSS AV:L/AC:L/PR:L) with maximum local impact (8.5 High).

Unprivileged local users on FreeBSD can read sensitive kernel memory via a page table manipulation bug in pmap_pkru_update_range(). When applying protection keys to 1GB largepage mappings created through shm_create_largepage(3), the kernel incorrectly treats userspace memory as page table entries, enabling unauthorized information disclosure. This affects FreeBSD 13.5, 14.3, 14.4, and 15.0 releases and has been confirmed fixed by vendor patches.

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach host-backed agent runtimes, potentially leading to unauthorized file disclosure and read access through default-enabled read-only tools.

Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Remote attackers can install and activate arbitrary plugins in HKUDS OpenHarness through exposed plugin management commands. Pre-PR#156 versions expose /plugin install, /plugin enable, /plugin disable, and /reload-plugins endpoints to unauthenticated remote senders via the channel layer, allowing complete control over plugin trust and activation state. Vendor patch available in v0.1.7 (commit 59017e0). CVSS 8.7 with network vector and no authentication required, though user interaction is needed. No active exploitation confirmed (not in CISA KEV), but VulnCheck advisory and GitHub references provide technical details that could facilitate exploitation.

Privilege escalation in Firefox's Debugger component allows remote attackers to gain elevated system privileges after user interaction with a malicious site. Affects Firefox versions prior to 150 and Firefox ESR versions prior to 140.10. CVSS 8.8 severity with network attack vector and no authentication required. SSVC framework indicates no active exploitation detected and non-automatable attack pattern. Vendor-released patches available in Firefox 150 and Firefox ESR 140.10 per Mozilla security advisories MFSA2026-30 through MFSA2026-34.

Remote attackers can escalate privileges in Firefox and Firefox ESR through a flaw in the Networking component when a user interacts with malicious content. The vulnerability affects Firefox versions prior to 150 and Firefox ESR versions prior to 140.10, allowing attackers with no initial privileges to achieve high impact on confidentiality, integrity, and availability. Mozilla has released patches for both product lines. EPSS data not available; no confirmed active exploitation (not listed in CISA KEV); public exploit code status unknown.

Privilege escalation in Firefox WebRender allows remote attackers to gain elevated access through malicious web content requiring user interaction. Affects Firefox versions before 150, Firefox ESR before 115.35, and Firefox ESR before 140.10. Mozilla released patches in advisories MFSA2026-30 through MFSA2026-34. CVSS 8.8 (High) severity with network attack vector, but exploitation requires user interaction (visiting malicious site). No public exploit identified at time of analysis, with SSVC framework indicating no confirmed exploitation and partial technical impact.

Erlang OTP SSH daemon (ssh_sftpd) stores unresolved user-supplied paths in file handles, allowing authenticated SFTP users to modify file attributes (permissions, ownership, timestamps) outside the configured chroot directory via SSH_FXP_FSETSTAT requests. When the SSH daemon runs as root, this enables privilege escalation through setting setuid bits or changing ownership of system files. The vulnerability affects OTP versions 17.0 through 28.4.3 (and earlier point releases in 27.x and 26.x series); patched versions are available per vendor advisory.

Local privilege escalation in Honor AiAssistant (all versions) allows authenticated users with low privileges to gain full system control (high impact on confidentiality, integrity, and availability) through authentication bypass. Vendor advisory confirmed by Honor with CVSS 7.8. No active exploitation confirmed; EPSS data not yet available as this is a recently disclosed 2026 CVE.

Honor PcManager contains a privilege bypass vulnerability allowing local attackers without privileges to impact service availability through a type-confusion mechanism. The vulnerability requires high attack complexity and local access, resulting in a CVSS 3.2 (low severity) score with confidentiality and integrity impact ruled out. No active exploitation or public exploit code has been identified at the time of analysis.

CSS injection in FreeScout mailbox signatures enables CSRF token exfiltration and privilege escalation from authenticated agents to administrators. The vulnerability exists in FreeScout versions prior to 1.8.213 where incomplete input sanitization fails to strip <style> tags from mailbox signature fields. Attackers with mailbox configuration access leverage CSS attribute selectors to steal CSRF tokens from viewing users, then perform arbitrary state-changing actions including admin account creation. EPSS data not available; no confirmed active exploitation (CISA KEV absent). Vendor patch released in version 1.8.213 with complete fix addressing previous incomplete remediation (GHSA-jqjf-f566-485j).

Sandbox bypass in OpenClaw (pre-2026.3.31) enables authenticated remote attackers to escalate privileges by manipulating heartbeat context inheritance and senderIsOwner parameters. Exploitation requires low attack complexity with present attack technique capability, achieving complete compromise of confidentiality, integrity, and availability across vulnerable and subsequent system scope. No active exploitation confirmed (not in CISA KEV), but VulnCheck disclosure indicates researcher-identified vulnerability with public GitHub commit and security advisory available.

XiangShan open-source RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 and earlier versions fail to properly gate the Control and Status Register (CSR) write-enable path for Physical Memory Attribute (PMA) configuration, allowing local attackers with code execution privileges to write to PMA CSRs that should raise illegal-instruction exceptions per the RISC-V specification. Successful exploitation enables attackers to alter memory attribute enforcement, potentially leading to privilege escalation, information disclosure, or denial of service depending on platform security boundaries. No public exploit code or active exploitation has been confirmed at time of analysis.

Dell PowerProtect Data Domain appliances versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 contain an improper privilege management vulnerability in iDRAC that allows a high-privileged local attacker with user interaction to elevate privileges and perform unauthorized delete operations. The vulnerability requires high privileges and local access combined with user interaction, limiting real-world attack surface primarily to insider threats or physical facility access scenarios.

Privilege escalation in Vvveb CMS versions prior to 1.0.8.1 allows authenticated low-privileged users to inject role_id=1 into profile save requests, escalating to Super Administrator and enabling plugin upload for remote code execution. Vendor patch available in version 1.0.8.1. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability. EPSS data not provided; KEV status unknown. Public disclosure via VulnCheck advisory with commit-level fix details increases likelihood of exploitation attempts.

Local privilege escalation in SKYSEA Client View (≤21.200.07j) and SKYMEC IT Manager (≤2024.005.10a) allows low-privileged users to execute arbitrary code with administrative privileges by exploiting insecure installation folder permissions. Attackers can write malicious files into the product directory, achieving full system compromise. EPSS score of 0.01% (2nd percentile) indicates low likelihood of widespread exploitation despite CVSS 8.5 severity. No active exploitation confirmed; CISA SSVC assessment marks exploitation status as 'none' and automatable as 'no', suggesting targeted attack potential rather than mass exploitation risk.

OS command injection in TeamT5 ThreatSonar Anti-Ransomware ≤4.0.0 allows authenticated remote attackers with shell access to escalate privileges to root. Despite the high CVSS score (8.7), exploitation requires legitimate shell access and low-privilege authentication, limiting attack surface to environments where ransomware protection agents are accessible to compromised accounts. EPSS probability is low (0.12%, 32nd percentile), and no active exploitation or public POC has been identified. Taiwan CERT published advisories, suggesting regional deployment significance.

{username} endpoint. The vulnerability stems from missing authorization checks on self-service user updates - any valid login credential is sufficient to escalate privileges to roles like 'manager' or 'developer'. CVSS 9.9 (Critical) reflects the Changed scope and broad compromise potential. SSVC indicates proof-of-concept code exists but exploitation requires human interaction (not automatable), suggesting targeted rather than mass-exploitation risk. No CISA KEV listing at time of analysis.

OpenXiangShan NEMU fails to properly enforce Smstateen permission controls, allowing authenticated local users to access IMSIC (Incoming Message Signal Interrupt Controller) state through stopei/vstopei CSRs despite mstateen0.IMSIC being cleared. This privilege escalation enables cross-context information disclosure of interrupt state and potential disruption of interrupt handling mechanisms in lower-privileged execution contexts.

Privilege escalation in OpenXiangShan NEMU allows authenticated local attackers to bypass state-enable isolation controls when Smstateen extension is enabled. Clearing mstateen0.ENVCFG fails to properly restrict access to henvcfg and senvcfg Control and Status Registers (CSRs), enabling less-privileged code to read or write privileged configuration registers without triggering required exceptions. This undermines virtualization boundaries and multi-privilege isolation in RISC-V processor emulation environments. EPSS exploitation probability is low (0.02%, 4th percentile), no active exploitation confirmed, and publicly available exploit code exists via GitHub issue #690.

Remote code execution in ChurchCRM <7.2.0 allows authenticated administrators to upload PHP webshells through the database backup restore function, which copies files from archive Images/ directories to web-accessible paths without extension filtering. The vulnerability includes a CSRF bypass enabling forced exploitation through cross-site request forgery. Exploitation requires high privileges (administrator account) but is network-accessible with low complexity (CVSS:3.1/AV:N/AC:L/PR:H). No active exploitation confirmed (not in CISA KEV). Vendor-released fix available in version 7.2.0 via GitHub PR #8610 and commit 68be1d12.

Privilege escalation in NovumOS versions prior to 0.24 allows local unprivileged attackers to gain kernel-level execution by manipulating core kernel structures. The vulnerable Syscall 15 (MemoryMapRange) permits user-mode processes to map arbitrary virtual memory regions, including protected kernel areas (IDT, GDT, TSS, page tables), enabling modification of interrupt handlers for privilege elevation. CISA SSVC framework confirms POC availability with total technical impact, though EPSS exploitation probability remains very low (0.01%, 2nd percentile), indicating research-phase discovery rather than widespread targeting. No CISA KEV listing at time of analysis. Vendor-released patch available in version 0.24.

Syscall 12 (JumpToUser) in NovumOS versions prior to 0.24 executes arbitrary kernel code at Ring 0 privilege when invoked by unprivileged Ring 3 user-mode processes. The vulnerability stems from missing address validation on user-supplied entry points, enabling local privilege escalation from user mode to kernel mode with complete system control. CISA SSVC framework confirms publicly available exploit code (POC status) with total technical impact, though EPSS score remains low at 0.02% (5th percentile), suggesting limited real-world targeting of this niche custom operating system despite the severe technical flaw.

Symlink-based path traversal in the npm package 'compressing' v2.1.0 enables arbitrary file overwrites outside intended extraction directories via pre-planted symbolic links delivered through Git repositories. Attackers exploit a partial fix bypass of CVE-2026-24884 by poisoning filesystem state before archive extraction-Git clone operations automatically deploy malicious symlinks without user interaction beyond standard developer workflows. This supply chain vector allows overwriting critical system files (e.g., /etc/passwd) or application binaries to achieve privilege escalation or remote code execution. CVSS 8.4 (AV:L) reflects local attack vector, but real-world risk is amplified by Git-based delivery requiring zero privileges and no user interaction beyond cloning a malicious repository. No EPSS or KEV data available at time of analysis.

Red Magic 11 Pro (NX809J) allows non-privileged applications to bypass service interface validation and write files to sensitive partitions or modify system properties, requiring local access with user interaction. The vulnerability impacts the integrity and availability of the device through privilege escalation from app-level access to system-level modifications, with a moderate CVSS score of 5.0 reflecting its local-only attack vector and requirement for user interaction.

Local privilege escalation in Rapid7 Insight Agent (versions > 4.1.0.2) on Windows allows unprivileged users to execute arbitrary code as SYSTEM via OpenSSL configuration file planting. The agent service loads openssl.cnf from a non-existent directory writable by standard users, enabling full host compromise without authentication. CVSS 8.5 with proof-of-concept exploit code available (E:P). EPSS data not provided; not currently listed in CISA KEV.

STProcessMonitor 11.11.4.0 driver in Safetica Application suite allows local privileged users to send crafted IOCTL requests (0xB822200C) that terminate processes protected by third-party security implementations due to insufficient caller validation in the kernel-mode driver handler. This enables denial of service attacks against critical services without requiring user interaction. Publicly available exploit code exists, and the vulnerability is tracked in CISA's LOLDrivers database as a legitimate-but-abused Windows driver.

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.

Local privilege escalation in Dell Storage Manager - Replay Manager for Microsoft Servers 8.0 allows low-privileged authenticated users to gain elevated privileges with high integrity and availability impact. Dell has released security advisory DSA-2026-058 with patches. The CVSS 7.3 (High) score reflects significant post-exploitation impact, though local access and existing authentication requirements limit initial attack surface. No active exploitation (CISA KEV) or public proof-of-concept code identified at time of analysis.

Privilege escalation in AcyMailing WordPress plugin (versions 9.11.0-10.8.1) allows authenticated Subscriber-level users to gain administrator access through a multi-stage attack chain. Attackers exploit a missing capability check in the wp_ajax_acymailing_router AJAX handler to access admin-only configuration controllers, enable autologin features, inject malicious cms_id values into newsletter subscribers, and authenticate as any WordPress user including administrators. EPSS data not available; no confirmed active exploitation (CISA KEV absent), but the low attack complexity (AC:L) and detailed public code references increase exploitation risk for installations with subscriber registration enabled.

Unauthenticated remote attackers can escalate to administrator privileges on WordPress sites running Riaxe Product Customizer plugin ≤2.1.2. The plugin exposes an AJAX endpoint ('install-imprint') without authentication checks that allows arbitrary WordPress option manipulation, enabling attackers to create administrator accounts by modifying registration settings. CVSS 9.8 (Critical) reflects the complete site compromise potential. EPSS data not provided but exploitation requires only HTTP access to any vulnerable WordPress installation with this plugin active-no special conditions beyond plugin presence.

Privilege escalation in ASUS Member Center (华硕大厅) versions 1.6.6.4 and earlier allows authenticated local users to achieve Administrator-level privilege escalation by exploiting a Time-of-check Time-of-use (TOC-TOU) race condition during the update process. An attacker can substitute a malicious payload for the legitimate downloaded update immediately after integrity verification completes but before execution, causing the compromised code to run with administrative privileges upon user consent. CVSS 5.4 reflects the requirement for local access, user interaction, and elevated (but non-Administrator) initial privileges; however, the vulnerability achieves full privilege escalation to Administrator with moderate technical difficulty.

Privilege escalation in ASUS DriverHub through version 1.0.6.11 allows local authenticated users to modify update validation resources, bypassing security checks to execute arbitrary code with elevated privileges during driver updates. The vulnerability exploits improper file permission assignment in the update process, requiring user interaction to trigger the elevated execution. CVSS 5.4 indicates moderate severity; exploitation requires local access and authenticated user status with specific file system conditions.

Authenticated low-privileged users in wger can modify installation-wide gym configuration via /config/gym-config/edit due to missing permission enforcement, enabling vertical privilege escalation. The GymConfigUpdateView declares 'config.change_gymconfig' permission but inherits WgerFormMixin instead of WgerPermissionMixin, causing the permission check to never execute. Exploiting this allows attackers to manipulate default gym assignments affecting all users, with GymConfig.save() automatically reassigning user profiles and creating gym configurations tenant-wide. CVSS 7.6 (High) with network attack vector, low complexity, and low privileges required. No active exploitation (KEV) or public POC identified at time of analysis, though GitHub advisory provides detailed reproduction steps.

Privilege escalation to WordPress administrator via insecure token-based authentication in Barcode Scanner (+Mobile App) plugin versions ≤1.11.0 allows remote unauthenticated attackers to gain full administrative control. The plugin leaks valid admin authentication tokens through the 'barcodeScannerConfigs' action and accepts Base64-encoded user IDs without validation, enabling attackers to spoof admin credentials, extract legitimate tokens, and modify any user's 'wp_capabilities' meta to grant themselves administrator privileges. CVSS 9.8 (Critical) with network vector, low complexity, and no authentication required. Vendor patch deployed in changeset 3506824.

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates.

Local privilege escalation in Barracuda RMM (all versions prior to 2025.2.2) enables authenticated Windows users to execute arbitrary code as NT AUTHORITY\SYSTEM by writing malicious files to the insecurely-permissioned C:\Windows\Automation directory. Vendor-released patch version 2025.2.2 addresses the filesystem ACL misconfiguration. EPSS data unavailable; no confirmed active exploitation (not in CISA KEV), though VulnCheck public advisory increases likelihood of POC development. CVSS 8.5 reflects high local impact requiring only low-privileged authentication.

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color values prefixed with -- bypass TinyColor validation intended for CSS custom properties, and the launder.string() call performs only type coercion without stripping HTML metacharacters. These unsanitized values are then concatenated directly into <style> tags both in per-widget style elements rendered for all visitors and in the global stylesheet rendered for editors, with the output marked as safe HTML. An editor can inject a value which closes the style tag and executes arbitrary JavaScript in the browser of every visitor to any page containing the affected widget. This enables mass session hijacking, cookie theft, and privilege escalation to administrative control if an admin views draft content. This issue has been fixed in version 4.29.0.

{id}/preferences`, the endpoint iterates through the submitted JSON array and blindly applies the new values: ```php foreach ($request->request->all() as $preference) { // ... validation omitted ... if (null === ($meta = $profile->getPreference($name))) { throw $this->createNotFoundException(\sprintf('Unknown custom-field "%s" requested', $name)); } $meta->setValue($value); // <-- VULNERABILITY } ``` The underlying Role-Based Access Control logic (`UserPreferenceSubscriber::getDefaultPreferences`) accurately identifies that standard users lack the `hourly-rate` role, and flags the dynamically generated preference object as disabled (`$preference->setEnabled(false)`). However, the `updateUserPreference` API endpoint entirely ignores this `isEnabled()` flag and forcefully saves the mutated object to the database natively via Doctrine ORM. This allows unauthorized accounts to manipulate the business-logic variables calculating their own financial earnings. 1. Log into Kimai as an unprivileged, standard employee account (a user with absolutely no `roles` array privileges). 2. Capture the `cookie` or Session cookies. (In this example, the user's ID is `2`). 3. Send the following cURL request (or intercept via Burp Suite) targeting your own user ID: ```bash curl -i -X PATCH "http://localhost:8001/api/users/2/preferences" \ -H "Content-Type: application/json" \ -H "cookie: <YOUR_STANDARD_USER_TOKEN>" \ -d '[ { "name": "hourly_rate", "value": "1337" }, { "name": "internal_rate", "value": "1337" } ]' ``` 4. The server responds with `HTTP/1.1 200 OK`. (Note: The `hourly_rate` will intentionally NOT appear in the JSON echo due to `User::getVisiblePreferences` sanitizing output based on the same disabled flag). 5. If an Administrator organically views User 2's profile within Kimai, or if the user logs any new timesheets, the active and billed `hourly_rate` applied to their account will be confirmed as `1337`. <img width="1542" height="1039" alt="user_account" src="https://github.com/user-attachments/assets/fff5e2da-d598-408d-8a01-784499ade844" /> <img width="1539" height="1037" alt="admin_account" src="https://github.com/user-attachments/assets/86a6e8c3-a97f-4be3-9f9f-2e23fad1d8a0" /> This is a Privilege Escalation and Business Logic Flaw impacting the core financial calculations of the application. An attacker with a standard user account can manipulate their own billing rate multipliers unbeknownst to administrators, resulting in fraudulent invoices, distorted timesheet exports, and unauthorized financial tampering.

{ '&': '&amp;', '<': '&lt;', '>': '&gt;', // MISSING: '"': '&quot;' // MISSING: "'": '&#039;' }; ``` **Affected code files**: - `assets/js/plugins/KimaiEscape.js:24-38` - incomplete escape function - `assets/js/forms/KimaiTeamForm.js:77,86` - replacement + innerHTML - `templates/macros/widgets.html.twig:126` - `title="{{ tooltip }}"` in avatar macro - `templates/form/blocks.html.twig:104` - `{{ widgets.avatar('__INITIALS__', '__COLOR__', '__DISPLAY__') }}` [poc.zip](https://github.com/user-attachments/files/26537515/poc.zip) Please extract the uploaded compressed file before proceeding 1. ./setup.sh 2. ./poc_xss.sh <img width="751" height="155" alt="스크린샷 2026-04-07 오후 9 06 27" src="https://github.com/user-attachments/assets/c09a23fb-f60b-49dd-9018-8c723e35b4c4" /> - Stored XSS: payload persists in the database (user alias field) - Privilege escalation: ROLE_USER injects XSS that executes in ROLE_ADMIN/ROLE_SUPER_ADMIN browser session

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17.

The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.

HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability.

Privilege escalation in Login as User WordPress plugin (all versions ≤1.0.3) allows authenticated subscribers to become administrators by manipulating a client-side cookie. Attackers with Subscriber-level access can set the 'oclaup_original_admin' cookie to an admin user ID and trigger the 'Return to Admin' function, granting full admin privileges. CVSS 8.8 (High) with network vector, low complexity, and low privileges required. No public exploit identified at time of analysis, EPSS data not available. Wordfence reported vulnerability with direct source code references to vulnerable functions in class-login-handler.php.

Arbitrary WordPress action execution in Avada (Fusion) Builder plugin versions up to 3.15.1 allows authenticated attackers with Subscriber-level access to invoke unvalidated WordPress action hooks via the Dynamic Data feature, potentially enabling privilege escalation, file inclusion, denial of service, or remote code execution depending on available hooks in the WordPress installation. The vulnerability stems from the `output_action_hook()` function accepting user-controlled input without authorization checks. No public exploit code or active exploitation has been confirmed at time of analysis.

Serendipity's serendipity_setCookie() function accepts unsanitized HTTP_HOST header values as the cookie domain parameter, allowing remote attackers to scope authentication cookies (session tokens, auto-login tokens) to attacker-controlled domains and facilitate session hijacking. The vulnerability requires user interaction (victim authentication during poisoned Host header) and man-in-the-middle or reverse proxy misconfiguration to exploit, affecting all versions of Serendipity that use the vulnerable function. A proof-of-concept demonstrating cookie domain poisoning exists; exploitation probability is moderate (EPSS 6.9, CVSS AC:H reflects attack complexity), and no evidence of active exploitation has been identified.

Remote code execution as root in Jellyfin media server versions prior to 10.11.7 allows authenticated users with 'Upload Subtitles' permission to execute arbitrary code through a multi-stage attack chain exploiting path traversal in subtitle uploads, arbitrary file write, and ld.so.preload manipulation. CVSS 9.9 (Critical) reflects the complete system compromise potential. EPSS data not available. Not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis. Attack requires low-privilege authenticated access but can escalate to full root-level code execution.

{id} endpoint to assign themselves ROLE_ADMIN privileges, bypassing intended access controls. The vulnerability stems from inadequate authorization checks that verify only record ownership without restricting modification of security-critical fields. With CVSS 8.8 (High) and low attack complexity requiring only basic authentication, this represents a critical access control failure in educational platforms. No public exploit code or active exploitation (CISA KEV) identified at time of analysis, though the straightforward attack vector makes exploitation trivial for malicious insiders.

Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 leak NTLMv2 machine-account hashes through an unauthenticated SOAP endpoint on TCP port 1208, enabling remote attackers to force SMB authentication attempts and relay credentials for privilege escalation or lateral movement. The WCF service accepts unsanitized file paths in the ReadLicense action, allowing UNC path injection to trigger outbound SMB connections. CVSS 7.0 with network attack vector, low complexity, and no authentication required (PR:N). No public exploit code identified at time of analysis, though the attack technique is straightforward for adversaries familiar with NTLM relay tactics.

NTLMv2 credential leakage in Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 enables remote unauthenticated attackers to extract machine-account hashes via deprecated .NET Remoting TCP channels, facilitating network-wide lateral movement and privilege escalation through hash relay attacks. Disclosed by VulnCheck, this flaw exploits insecure object deserialization to coerce NTLM authentication to attacker-controlled UNC paths. EPSS data not available; no KEV listing or public exploit code identified at time of analysis, though the disclosed technical details provide sufficient information for weaponization.

Stored cross-site scripting (XSS) in Chamilo LMS versions prior to 2.0.0-RC.3 allows authenticated users to upload malicious HTML files containing JavaScript via the social post attachment API endpoint. The uploaded files are served without sanitization, content-type restrictions, or proper content-disposition headers, causing embedded JavaScript to execute in the browser within the application's trusted origin. This enables session hijacking, account takeover, and privilege escalation attacks, particularly when an administrator views a malicious link. The vulnerability is confirmed fixed in version 2.0.0-RC.3.

Stored XSS in October CMS versions before 3.7.14 and 4.1.10 allows authenticated users with media upload permissions to bypass SVG sanitization regex patterns and inject malicious JavaScript through crafted SVG files. When a superuser or other high-privileged user views or embeds the malicious SVG, the payload executes in their browser context, enabling privilege escalation. The vulnerability requires both authenticated backend access and user interaction (viewing/embedding the SVG), resulting in a CVSS 4.8 (Medium) rating; no public exploit code has been identified at time of analysis.

Cross-site scripting (XSS) in Adobe Connect versions 12.10 and earlier, including the 2025.3 release line, enables privilege escalation when low-privileged authenticated users trick victims into visiting malicious URLs. The changed scope (CVSS S:C) indicates the vulnerability can affect resources beyond the vulnerable application's security context. EPSS data not available; no evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis. Requires user interaction (UI:R) but has low attack complexity (AC:L) and network-based attack vector (AV:N), making social engineering campaigns feasible.

Stored Cross-Site Scripting (XSS) in October CMS versions prior to 3.7.14 and 4.1.10 allows authenticated backend users with editor settings permissions to inject malicious JavaScript into Markup Classes fields, which executes unsanitized in the Froala editor dropdown menus when any user-including superusers-opens a RichEditor. This enables privilege escalation when a superuser performs routine content editing tasks. CVSS 5.1 indicates moderate risk; exploitation requires authenticated backend access and user interaction (opening an editor), but the stored nature of the payload and privilege escalation potential elevate real-world concern. No public exploit code or active CISA KEV status reported.

Improper privilege management in Microsoft Windows allows authenticated local attackers to deny service by exploiting a privilege escalation flaw affecting Windows 10 versions 21H2 and 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2022 and 2025. The vulnerability requires local access and valid credentials but does not permit code execution or data manipulation. CVSS 5.5 reflects moderate severity; CISA SSVC framework rates exploitation as none with partial technical impact, indicating this is not currently a priority threat despite patch availability.

Path traversal in Fortinet FortiSandbox 4.4.0-4.4.8 and 5.0.0-5.0.5 enables remote unauthenticated attackers to achieve full system compromise. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), the vulnerability permits network-based exploitation without credentials or user interaction, leading to complete confidentiality, integrity, and availability impact. Despite critical severity, EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV). SSVC framework marks it as automatable with total technical impact but no current exploitation. The incomplete CVE description (placeholder text for attack vector) suggests early disclosure; verify completeness with Fortinet advisory FG-IR-26-112.

Privilege escalation in Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) versions prior to V5.8 allows authenticated User Administrators to escalate their own privileges through improper group administration controls. Authenticated attackers with low-privilege User Administrator credentials can exploit flawed group membership logic to grant themselves unrestricted access to any device group at any access level, achieving full administrative control over critical industrial infrastructure. CVSS 8.8 (High) reflects network-accessible attack vector with low complexity and no user interaction required. No public exploit identified at time of analysis, though the attack path is straightforward for authenticated insiders.

Authenticated attackers can reset arbitrary user passwords in Webkul Krayin CRM v2.2.x through a Broken Object-Level Authorization (BOLA) vulnerability in the /Settings/UserController.php endpoint, enabling full account takeover of any user account. The attack requires low-privilege authentication (PR:L) and is exploitable remotely with low complexity (AV:N/AC:L), presenting an 8.8 CVSS severity with high impact to confidentiality, integrity, and availability. EPSS data not available; no CISA KEV listing identified; publicly available exploit code exists per researcher disclosure.

SQL injection in Craft Commerce 5.0.0-5.5.4 allows authenticated control panel users to extract arbitrary database contents via ProductQuery::hasVariant and VariantQuery::hasProduct parameters that bypass prior sanitization fixes. Attackers can retrieve security keys to forge admin sessions and escalate privileges. Fixed in version 5.6.0. EPSS 0.03% (8th percentile) indicates low observed exploitation probability; no public exploit identified at time of analysis.

Unauthorized access to configuration endpoints in Pandora FMS versions 777 through 800 exposes sensitive system information to low-privileged authenticated users. The missing authorization control (CWE-276) allows privilege escalation where authenticated users can access configuration data they should not have permissions to view, potentially revealing credentials, internal architecture details, and security settings. With CVSS 8.4 (High) and low attack complexity, this vulnerability poses significant risk in multi-tenant or role-separated Pandora FMS deployments. No public exploit identified at time of analysis, though the straightforward attack vector (network-accessible, low complexity, requires only basic authentication) makes exploitation highly feasible.

Stored cross-site scripting in Apache Storm UI before 2.8.6 allows authenticated users with topology submission rights to inject malicious HTML/JavaScript via unsanitized component identifiers, stream names, and grouping values in the visualization component. The payload persists in Nimbus and executes in the browser of any administrator viewing the topology visualization, enabling privilege escalation in multi-tenant deployments. EPSS score of 0.04% and SSVC assessment of partial technical impact with no automated exploitation indicate relatively low real-world risk despite the concerning privilege-escalation scenario.

Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information through incorrect default file or directory permissions, exposing high-value data on affected wearable devices. The vulnerability requires local access but no authentication or user interaction, making it exploitable by any user on the device.

Privilege escalation in BuddyPress Groupblog (WordPress plugin) allows authenticated attackers with Subscriber-level access to grant Administrator privileges on any blog in a Multisite network, including the main site. Exploitation leverages missing authorization checks in group blog settings handlers, enabling attackers to inject arbitrary WordPress roles (including administrator) and associate groups with any blog ID. When users join the compromised group, they are silently added to the targeted blog with the injected role. Authenticated access required (PR:L). No public exploit identified at time of analysis.

Local privilege escalation in KeePassXC password manager allows authenticated attackers with low privileges to execute arbitrary code by exploiting insecure OpenSSL configuration file loading. When a target user launches KeePassXC, malicious configuration planted in an unsecured path is loaded, enabling code execution in KeePassXC's security context. Attack requires user interaction and prior low-privileged access. CVSS 7.3 (AV:L/AC:L/PR:L/UI:R). No public exploit identified at time of analysis.

Local privilege escalation in NoMachine Device Server allows authenticated low-privileged attackers to execute arbitrary code with SYSTEM privileges by exploiting unsafe library loading from an unsecured search path. The vulnerability (ZDI-CAN-28494) requires prior local access but enables full system compromise through DLL hijacking or similar path manipulation. No KEV listing or public exploit identified at time of analysis. CVSS 7.8 (High) with attack vector requiring local access and low privileges (AV:L/PR:L).

Local privilege escalation in NoMachine allows authenticated low-privileged attackers to execute arbitrary code as root through improper validation of command line path parameters. The vulnerability stems from insufficient sanitization of user-supplied file paths in file operations, enabling path traversal to manipulate privileged system resources. Exploitation requires existing low-privileged code execution on the target system. CVSS 7.8 (High) reflects local attack vector with low complexity and no user interaction required. No public exploit identified at time of analysis.

Privilege escalation in Chamilo LMS versions prior to 1.11.38 allows any authenticated user with a REST API key to elevate their account status from student (status=5) to teacher/course manager (status=1) by manipulating the status field through the update_user_from_username REST API endpoint. This enables unauthorized course creation and management capabilities. Authentication is required (PR:L), but once exploited, attackers gain high-integrity administrative functions within the learning management system. No public exploit identified at time of analysis.

Privilege escalation in OpenClaw gateway-authenticated plugin HTTP routes allows authenticated attackers to bypass scope restrictions and gain operator.admin privileges. The vulnerability affects OpenClaw versions prior to 2026.3.25, enabling low-privileged authenticated users to perform unauthorized administrative actions through improperly minted runtime scopes. Exploitation requires network access and low-level authentication but no user interaction. No public exploit identified at time of analysis.

Privilege escalation in OpenClaw versions prior to 2026.3.25 allows authenticated low-privilege operators to bypass pairing requirements during backend reconnection, self-requesting elevated scopes to gain operator.admin privileges. Attackers with existing operator credentials exploit improper scope validation (CWE-648) to escalate from limited operator access to full administrative control over the OpenClaw system. Exploitation requires network access and low-privilege authentication (CVSS:3.1 PR:L), enabling high-impact compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis.

OpenClaw before version 2026.3.24 allows authenticated operator.write-scoped clients to escalate privileges and modify channel authorization policies normally restricted to operator.admin scope through improper scope re-validation in the /allowlist command. Attackers with write-level permissions can exploit the chat.send function to construct an internal command-authorized context and persist unauthorized changes to channel allowFrom and groupAllowFrom policies, effectively bypassing access control mechanisms.

Privilege escalation in Vikunja API (v2.2.2 and prior) allows authenticated users with Write permission on a shared project to escalate to Admin by reparenting the project under their own hierarchy. The vulnerability exploits insufficient authorization checks in project reparenting (CanWrite instead of IsAdmin), causing the recursive permission CTE to grant Admin rights. Attackers can then delete projects, remove user access, and manage sharing settings. Publicly available exploit code exists.

Local privilege escalation in systemd 259 before 260 allows authenticated local users to gain root-level access via varlink communication to systemd-machined, exploiting improper namespace isolation. The vulnerability requires low privileges, high attack complexity, and user interaction, affecting the systemd init system across Linux distributions. No public exploit code or active exploitation has been confirmed at time of analysis.

Privilege escalation in CouchCMS allows authenticated Admin-level users to create SuperAdmin accounts by manipulating the f_k_levels_list parameter during user creation requests. Attackers modify the parameter value from 4 to 10 in HTTP POST bodies to bypass authorization controls and gain unrestricted application access. This authenticated attack (PR:H) enables lateral privilege movement from Admin to SuperAdmin, circumventing intended role hierarchy enforcement. Publicly available exploit code exists, lowering exploitation barrier for actors with existing Admin credentials.

Local privilege escalation in Acronis True Image for macOS enables authenticated low-privileged users to gain elevated system privileges through improper environment variable handling. Affects Acronis True Image OEM (macOS) versions prior to build 42571 and Acronis True Image (macOS) prior to build 42902. Attackers with existing local access can achieve complete system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis. Exploitation requires low attack complexity with no user interaction.

Local privilege escalation in Samsung MagicINFO 9 Server versions prior to 21.1091.1 enables authenticated low-privileged users to escalate to high privileges through incorrect default file/directory permissions. Attackers with local access can obtain complete system control, compromising confidentiality, integrity, and availability. Attack requires local access and low-level authentication but no user interaction. No public exploit identified at time of analysis.

Symbolic link manipulation in Juniper Networks Junos OS CLI enables authenticated local attackers with low privileges to escalate to root access. Exploitation requires two users: the first performs a 'file link ...' CLI operation, then after the second user commits unrelated configuration changes, the first user can authenticate as root, achieving full system compromise. Affects Junos OS versions across 23.2, 23.4, 24.2, 24.4, and 25.2 release trains prior to specified patch levels. No public exploit identified at time of analysis.

OpenClaw before version 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that improperly uses a synthetic operator.admin runtime scope, allowing authenticated attackers to execute privileged operations with unintended administrative access by triggering session deletion without a request-scoped client. CVSS score of 6.1 reflects the requirement for low-level user authentication (PR:L) and network accessibility; patch availability is confirmed.