CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

about 1 hour ago • GHSA-74M3-9QVM-RP9H • severity 8.8

GHSA-74M3-9QVM-RP9H: Arbitrary Host Filesystem Access via Symlink Following in zrok WebDAV

A critical vulnerability in the WebDAV drive backend of openziti/zrok allows unauthenticated or authenticated users to escape the designated shared directory. By creating or interacting with symbolic links, an attacker can achieve arbitrary file read and write access on the host system running the zrok process.

Amit Schendel • 6 views • 7 min read
about 4 hours ago • CVE-2026-3008 • severity 6.6

CVE-2026-3008: Format String Injection in Notepad++ Localization Parser

Notepad++ version 8.9.3 contains a format string injection vulnerability within its localization configuration parser. The application passes an unvalidated string from the nativeLang.xml file directly to the wsprintfW Windows API function. This flaw allows an attacker to cause an application crash or leak memory addresses by supplying a maliciously crafted language file.

Alon Barad • 26 views • 6 min read
about 5 hours ago • GHSA-WG4G-395P-MQV3 • severity 5.3

GHSA-WG4G-395P-MQV3: Cleartext Logging of Sensitive Tool-Call Arguments in n8n-mcp

The n8n-mcp npm package prior to version 2.47.3 contains an information disclosure vulnerability when operating in HTTP mode. The server explicitly logs incoming JSON-RPC request bodies, which exposes sensitive tool-call arguments, including API keys and internal data, to application logs in cleartext.

Alon Barad • 7 views • 6 min read
about 23 hours ago • GHSA-X2QX-6953-8485 • severity 8.8

GHSA-x2qx-6953-8485: Argument Injection via Insecure Transformation in GitPython

GitPython versions prior to 3.1.44 contain a high-severity vulnerability in the handling of the `multi_options` parameter during repository clone operations. An insecure string transformation bypasses initial input validation, allowing attackers to inject arbitrary arguments into the underlying Git command and achieve remote code execution.

Amit Schendel • 10 views • 6 min read
1 day ago • GHSA-RPM5-65CW-6HJ4 • severity 8.8

GHSA-RPM5-65CW-6HJ4: Command Injection via Git Options Bypass in GitPython

GitPython versions prior to 3.1.45 are vulnerable to a command injection flaw due to an architectural logic error in how keyword arguments are sanitized. The library attempts to block dangerous Git options like `--upload-pack` but performs this validation before applying Pythonic underscore-to-hyphen normalization. This allows attackers to bypass the blocklist using underscore-formatted arguments, leading to arbitrary command execution when the underlying Git binary is invoked.

Amit Schendel • 9 views • 7 min read
2 days ago • GHSA-2XCP-X87W-Q377 • severity 5.3

GHSA-2xcp-x87w-q377: Incorrect Authorization Bypass via Templated Hook Mappings in OpenClaw

The OpenClaw personal AI assistant framework contains an incorrect authorization vulnerability within its webhook routing logic. An architectural flaw in the processing of hook mapping templates allows external webhook payloads to resolve to arbitrary session keys. This effectively bypasses the framework's `allowRequestSessionKey` security gate, enabling unauthorized users to hijack sessions, inject messages, and access cross-session data.

Alon Barad • 8 views • 7 min read
2 days ago • GHSA-V8QF-FR4G-28P2 • severity 4.3

CVE-2026-41908: Scope Enforcement Bypass in OpenClaw Assistant Media Route

OpenClaw versions prior to 2026.4.20 contain a medium-severity authorization bypass vulnerability in the assistant-media gateway route. When configured behind a trusted proxy, the application fails to validate operator scopes, allowing authenticated users with unrelated privileges to access sensitive media files.

Alon Barad • 10 views • 6 min read
2 days ago • GHSA-72Q8-JCMC-97WX • severity 5.3

GHSA-72Q8-JCMC-97WX: Authorization Bypass in openclaw via Feishu Chat Misclassification

OpenClaw versions prior to 2026.4.20 contain a vulnerability in the Feishu integration module where direct messages (DMs) are incorrectly classified as group chats during card interactions. This misclassification leads to a bypass of the dmPolicy enforcement mechanism, allowing unauthorized execution of bot commands within private contexts.

Amit Schendel • 6 views • 5 min read
2 days ago • GHSA-HXVM-XJVF-93F3 • severity 7.8

GHSA-HXVM-XJVF-93F3: Arbitrary Code Execution via Insecure Environment Variable Loading in OpenClaw

OpenClaw versions prior to 2026.4.20 are vulnerable to arbitrary code execution due to insecure handling of workspace-local `.env` files. The application fails to restrict the entire `OPENCLAW_` namespace, allowing untrusted repositories to override critical internal control variables.

Amit Schendel • 9 views • 4 min read
2 days ago • GHSA-57R2-H2WJ-G887 • severity 3.3

GHSA-57R2-H2WJ-G887: Trust Boundary Violation in OpenClaw Isolated Cron Awareness Events

OpenClaw versions prior to 2026.4.17 contain a vulnerability where isolated cron agents fail to explicitly mark external webhook data as untrusted. This allows external inputs to be promoted to the main session stream with authoritative system provenance labels.

Alon Barad • 6 views • 6 min read
2 days ago • GHSA-MJ59-H3Q9-GHFH • severity 7.8

GHSA-MJ59-H3Q9-GHFH: Arbitrary Code Execution via Environment Variable Injection in OpenClaw MCP Servers

OpenClaw versions prior to 2026.4.20 are vulnerable to an environment variable injection flaw within the Model Context Protocol (MCP) server configuration mechanism. By supplying a crafted workspace configuration file, an attacker can define dangerous environment variables that execute arbitrary code upon server initialization.

Alon Barad • 5 views • 7 min read
2 days ago • GHSA-C4QG-J8JG-42Q5 • severity Low

GHSA-C4QG-J8JG-42Q5: Server-Side Request Forgery in OpenClaw QQBot Extension

The OpenClaw platform contains a Server-Side Request Forgery (SSRF) vulnerability within its QQBot extension. The application fails to validate external media URLs before relaying them to the QQ Open Platform API. This flaw allows an attacker to induce the upstream QQ API to initiate HTTP requests to arbitrary destinations, including sensitive internal services and cloud metadata endpoints.

Amit Schendel • 9 views • 8 min read

Automated vulnerability intelligence. 1,627+ reports.