Vincent Koc

44 exploits Active since Jun 2022
CVE-2026-41329 WRITEUP CRITICAL WRITEUP
OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation
OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege escalation.
CVSS 9.9
CVE-2026-41330 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.
CVSS 4.4
CVE-2026-35643 WRITEUP HIGH WRITEUP
OpenClaw < 2026.3.22 - Arbitrary Code Execution via Unvalidated WebView JavascriptInterface
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context.
CVSS 8.8
CVE-2026-35648 WRITEUP LOW WRITEUP
OpenClaw < 2026.3.22 - Policy Bypass via Unvalidated Queued Node Actions
OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands.
CVSS 3.7
CVE-2026-35649 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access control denials and restoring previously revoked permissions.
CVSS 6.5
CVE-2026-35652 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.22 - Unauthorized Action Execution via Callback Dispatch
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling unauthorized actions.
CVSS 6.5
CVE-2026-35655 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security restrictions.
CVSS 5.7
CVE-2026-35656 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limiter
OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trustedProxies is configured, allowing attackers to spoof loopback hops. Remote attackers can inject forged forwarding headers to bypass canvas authentication and rate-limiting protections by masquerading as loopback clients.
CVSS 6.5
CVE-2026-35660 WRITEUP HIGH WRITEUP
OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey to bypass operator.admin requirements and reset arbitrary sessions.
CVSS 8.1
CVE-2026-35662 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.22 - Missing controlScope Enforcement in Send Action
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope validation, bypassing intended access control restrictions.
CVSS 4.3
CVE-2026-35618 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification
OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized base URL, enabling attackers to mint new verified request keys through unsigned query-only changes to signed requests.
CVSS 6.5
CVE-2026-35622 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execute unauthorized actions through the Google Chat integration.
CVSS 5.9
CVE-2026-35624 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk
OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms.
CVSS 4.2
CVE-2026-35631 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands
OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates.
CVSS 6.5
CVE-2026-35634 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway
OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket requests to Canvas routes to bypass authentication and gain unauthorized access.
CVSS 5.1
CVE-2026-35639 WRITEUP HIGH WRITEUP
OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure.
CVSS 8.8
CVE-2026-35644 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.3.22 - Credential Exposure via baseUrl Fields in Gateway Snapshots
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive authentication information from URL userinfo components.
CVSS 6.5
CVE-2026-32029 WRITEUP MEDIUM WRITEUP
OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing
OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value when requests originate from configured trusted proxies, allowing attackers to spoof client IP addresses. In proxy chains that append or preserve header values, attackers can inject malicious header content to influence security decisions including authentication rate-limiting and IP-based access controls.
CVSS 5.3
CVE-2022-1707 WRITEUP MEDIUM WRITEUP
Gtm4wp Google Tag Manager < 1.15.1 - XSS
The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to an including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers.
CVSS 6.1