CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.07)
OpenClaw before version 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious Node.js control variables.
OpenClaw before version 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers can supply a group ID to the policy resolver, potentially triggering incorrect group-policy decisions for tool invocations.
OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable to load runtime dependencies from unintended local paths, potentially executing malicious code during dependency resolution.
OpenClaw before version 2026.5.3 contains a policy enforcement vulnerability that allows Zalo contacts with mutable display metadata to match allowFrom policy entries through display name changes. Attackers with mutable display names could receive agent responses intended for different Zalo identities when the feature is enabled.
OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters.
OpenClaw before version 2026.5.12 contains a vulnerability that allows bypassing argument pattern validation in the exec allowlist. Attackers can invoke allowlisted executables with unrestricted arguments, potentially leading to unauthorized file access, network access, or command execution.
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers can change their display name to match a policy entry and gain unauthorized agent access intended for another Discord identity.
OpenClaw before version 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager executables during dependency setup.
OpenClaw before version 2026.5.26 contains an authorization bypass vulnerability that allows a surviving pairing-scoped device session to re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval.
OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDK_PYTHON variable to execute setup through unintended local Python paths, potentially enabling arbitrary code execution.
OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers can exploit this vulnerability to exfiltrate sensitive headers like API keys or tenant-routing credentials.
A vulnerability in the Microsoft Malware Protection Engine in Microsoft Defender allows elevation of privilege. This flaw, publicly known as "RoguePlanet", could be exploited by an attacker to gain higher privileges on the system.
A heap-based buffer overflow vulnerability in DNG SDK versions 1.7.1 2536 and earlier allows arbitrary code execution in the context of the current user. Exploitation requires user interaction to open a malicious file.
The stable-diffusion.cpp library has a heap buffer overflow vulnerability in the SHORT_BINUNICODE handler when parsing PyTorch checkpoint files. Versions prior to master-584-0a7ae07 are susceptible to attacks that may lead to heap corruption and potential code execution.
An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.
The update_disk_psu_baseline.sh script requires a password in plain text, which poses a risk of exposing sensitive information.
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before version 0.6.79 could be exploited by attackers operating a malicious DHCP server to execute code on the local machine.
Yeoman Environment versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. This can lead to unauthorized package installation and code execution if an attacker controls the project configuration.
The NVIDIA NeMo Framework for Linux contains a vulnerability that allows an attacker to deserialize untrusted data. A successful exploit may lead to code execution, privilege escalation, data tampering, and information disclosure.
The NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

