CVE-2026-53822 OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild comma… cve.org/CVERecord?id=CVE-202…
CVE-2026-53823 OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack accoun… cve.org/CVERecord?id=CVE-202…
CVE-2026-53824 OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh w… cve.org/CVERecord?id=CVE-202…
CVE-2026-53825 OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.wri… cve.org/CVERecord?id=CVE-202…
CVE-2026-53826 OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attack… cve.org/CVERecord?id=CVE-202…
CVE-2026-53827 OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads wi… cve.org/CVERecord?id=CVE-202…
CVE-2026-53828 OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands wi… cve.org/CVERecord?id=CVE-202…
CVE-2026-53829 OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can su… cve.org/CVERecord?id=CVE-202…
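The two OpenClaw approval-flow entries above (CVE-2026-53822, argv changing between approval and execution, and CVE-2026-53829, a truncated display hiding a command suffix from the approver) are the same design failure seen from two sides: the approval is not bound to the exact bytes that will run. The snippet below is an added, hypothetical illustration written for this page, not OpenClaw's code; the function names, the 200-character display limit and the length-prefixed SHA-256 encoding are assumptions. It binds an approval to a canonical digest of the full argv, records whether the approver actually saw the whole command, and refuses execution if either condition no longer holds.

```typescript
// Added example, not OpenClaw code. All names and limits here are hypothetical.
import { createHash } from "node:crypto";

// Canonical encoding of argv: length-prefix each element so ["a b"] and
// ["a", "b"] hash differently, then SHA-256 the whole byte string.
function argvDigest(argv: readonly string[]): string {
  const h = createHash("sha256");
  const enc = new TextEncoder();
  for (const a of argv) {
    const bytes = enc.encode(a);
    h.update(`${bytes.length}:`);
    h.update(bytes);
  }
  return h.digest("hex");
}

interface Approval {
  digest: string;      // digest of the argv the approver was shown
  shownInFull: boolean; // false if the rendering was cut and never expanded
}

// Render argv for the approver. Never truncate silently: if the text is cut,
// say so and report how much is hidden so the approver can demand the rest.
function renderForApproval(argv: readonly string[], maxChars = 200): { text: string; shownInFull: boolean } {
  const full = argv.map(a => (/[\s"'$`\\]/.test(a) ? JSON.stringify(a) : a)).join(" ");
  if (full.length <= maxChars) return { text: full, shownInFull: true };
  const hidden = full.length - maxChars;
  return {
    text: `${full.slice(0, maxChars)} [+${hidden} more chars over ${argv.length} args; command is not fully shown]`,
    shownInFull: false,
  };
}

// Record an approval against the exact argv shown. `expandedByApprover` is
// true only if the UI let the approver read the complete command.
function approve(argv: readonly string[], expandedByApprover = false): Approval {
  const view = renderForApproval(argv);
  return { digest: argvDigest(argv), shownInFull: view.shownInFull || expandedByApprover };
}

// Execution gate: the argv presented now must hash to what was approved, and
// the approver must have seen all of it. Any wrapper rebuild that changes a
// single byte of any element fails this check.
function mayExecute(approval: Approval, argv: readonly string[]): boolean {
  return approval.shownInFull && argvDigest(argv) === approval.digest;
}
```

The point of the length-prefixed encoding is that joining argv with spaces and hashing the string would let a wrapper re-split the command at execution time without changing the hash; the digest has to be over the array structure, not over a display string.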
CVE-2026-53830 OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after se… cve.org/CVERecord?id=CVE-202…
CVE-2026-53831 OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interp… cve.org/CVERecord?id=CVE-202…
CVE-2026-53833 OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration with… cve.org/CVERecord?id=CVE-202…
CVE-2026-53834 OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom poli… cve.org/CVERecord?id=CVE-202…
CVE-2026-53835 OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or upd… cve.org/CVERecord?id=CVE-202…
CVE-2026-53836 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using ab… cve.org/CVERecord?id=CVE-202…
CVE-2026-53837 OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can by… cve.org/CVERecord?id=CVE-202…
CVE-2026-53838 OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope decisions. Attackers… cve.org/CVERecord?id=CVE-202…
CVE-2026-53839 OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Atta… cve.org/CVERecord?id=CVE-202…
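CVE-2026-53839 above is the classic prefix-versus-exact hostname check: with a prefix test, an allowlisted `api.example.com` also accepts `api.example.com.attacker.net`. The code below is an added, hypothetical example written for this page, not OpenClaw's implementation; the function names, the leading-dot convention for opting a whole domain in, and the `https:`-only rule are assumptions. It shows the weak check next to a hardened one that normalises both sides and compares whole DNS labels, and applies it to a parsed URL so that userinfo, ports and paths cannot influence the decision.

```typescript
// Added example, not OpenClaw code. Names and conventions are hypothetical.

// Lower-case, strip one trailing dot (FQDN form) and reject anything that is
// not a bare DNS name, so a port, path or userinfo can never reach the compare.
function normalizeHost(h: string): string {
  const n = h.trim().toLowerCase().replace(/\.$/, "");
  const label = "[a-z0-9]([a-z0-9-]*[a-z0-9])?";
  if (!new RegExp(`^${label}(\\.${label})*$`).test(n)) {
    throw new Error(`not a bare hostname: ${JSON.stringify(h)}`);
  }
  return n;
}

// The vulnerable shape described by the advisory class: a prefix match.
function prefixAllowed(target: string, allowed: readonly string[]): boolean {
  return allowed.some(a => target.startsWith(a));
}

// Hardened: exact match, or (only when the entry opts in with a leading dot)
// the apex or any subdomain of that entry, compared on whole labels.
function hostAllowed(target: string, allowed: readonly string[]): boolean {
  let t: string;
  try {
    t = normalizeHost(target);
  } catch {
    return false; // fail closed on IP literals, brackets, stray characters
  }
  return allowed.some(entry => {
    if (entry.startsWith(".")) {
      const suffix = normalizeHost(entry.slice(1));
      return t === suffix || t.endsWith(`.${suffix}`);
    }
    return t === normalizeHost(entry);
  });
}

// Apply the check to a retry endpoint URL: parse first, then test only the
// parsed hostname, so "https://api.example.com@attacker.net/" is judged on
// attacker.net and not on the text that precedes the "@".
function endpointAllowed(url: string, allowed: readonly string[]): boolean {
  let u: URL;
  try {
    u = new URL(url);
  } catch {
    return false;
  }
  if (u.protocol !== "https:") return false;
  return hostAllowed(u.hostname, allowed);
}
```

The allowlist is assumed to be operator-controlled and well-formed; a malformed entry makes `normalizeHost` throw at check time, which is deliberate so a bad configuration fails loudly rather than silently widening the match.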
CVE-2026-53867 Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image f… cve.org/CVERecord?id=CVE-202…
CVE-2026-53868 Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then in… cve.org/CVERecord?id=CVE-202…