Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.0 HIGH
CVE-2026-5045 — Tenda FH1201 Parameter WrlclientSet stack-based overflow

A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of th…

Remote | Memory Corruption
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
0.0 NA
CVE-2026-5046 — Tenda FH1201 Parameter WrlExtraSet formWrlExtraSet stack-based overflow

A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argum…

| Memory Corruption
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
9.0 HIGH
CVE-2026-5044 — Belkin F9K1122 Setting formSetSystemSettings stack-based overflow

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such …

Remote | Memory Corruption
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
8.6 HIGH
CVE-2026-33575 — OpenClaw < 2026.3.12 - Long-lived Credential Exposure in Pairing Setup Codes

OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes…

Remote | Authentication
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
6.2 MEDIUM
CVE-2026-33574 — OpenClaw < 2026.3.8 - Path Traversal via Tools Root Rebinding in Skills Download

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy …

| Path Traversal
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
8.8 HIGH
CVE-2026-33573 — OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries b…

Remote | Authorization
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
8.4 HIGH
CVE-2026-33572 — OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcri…

| Information Disclosure
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
9.8 CRITICAL
CVE-2026-32987 — OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing

OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times b…

Remote | Authentication
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
8.7 HIGH
CVE-2026-32980 — OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request

OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resource…

Remote | Denial of Service
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
7.3 HIGH
CVE-2026-32979 — OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Appro…

OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding c…

| Authentication
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
9.4 CRITICAL
CVE-2026-32978 — OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain…

Remote | Authorization
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
9.8 CRITICAL
CVE-2026-32975 — OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist

OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create gro…

Remote | Authorization
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
8.8 HIGH
CVE-2026-32974 — OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Un…

Remote | Authentication
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
9.8 CRITICAL
CVE-2026-32973 — OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX…

Remote | Path Traversal
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
7.1 HIGH
CVE-2026-32972 — OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.req…

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes th…

Remote | Authorization
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
9.8 CRITICAL
CVE-2026-32924 — OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers c…

Remote | Authorization
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
5.4 MEDIUM
CVE-2026-32923 — OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforceme…

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild membe…

Remote | Authorization
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
9.9 CRITICAL
CVE-2026-32922 — OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constra…

Remote | Authorization
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
6.9 MEDIUM
CVE-2026-32919 — OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent req…

| Authorization
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
9.2 CRITICAL
CVE-2026-32918 — OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply ar…

| Authorization
Mar 29, 2026 Mar 29, 2026
Mar 29, 2026
Mar 29, 2026
Showing 20 of 5927 Results