
CVE Vulnerabilities - 2 March 2026


248 vulnerabilities published on 2 March 2026

SimStudio OAuth Token Exposure on Older Versions
CVE-2026-3432 | Severity: 9.3
On SimStudio versions below 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided w...

CGM CLININET: Unrestricted Access via Username Only
CVE-2025-30035 | Severity: 9.0
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the ...

OpenClaw Gateway: Unauthorized Tool Invocation and Permission Escalation
GHSA-943q-mwmv-hhvh | Severity: 8.8
OpenClaw Gateway exposes an authenticated HTTP endpoint (`POST /tools/invoke`) intended for invoking a constrained set of tools. Two issue...

AFFiNE: Malicious links can run code on your computer
CVE-2026-21853 | Severity: 8.8
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerabil...

Master Addons for Elementor Premium plugin allows attackers to run code on your site
CVE-2026-3132 | Severity: 8.8
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via th...

Chamilo Learning Management System: SQL Injection via Unvalidated User Input
CVE-2025-50189 | Severity: 7.2
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from ...

CGM NETRAAD imageserver Module Allows Unauthorized Database Access
CVE-2025-10350 | Severity: 8.8
SQL Injection vulnerability in the "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows an attacker connected to PACS to gain a...

Out-of-bounds write flaw in Wi-Fi AP software allows unauthorized access
CVE-2026-20430 | Severity: 8.8
In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of p...

OpenClaw: Bypassing Node Executions' Approval Checks
GHSA-f7ww-2725-qvw2 | Severity: 8.7
For `host=node` executions, approval context could be bypassed after approval time by rebinding a writable parent symlink in `cwd` while pr...

OpenClaw: Unrestricted File Access via Malicious Message Actions
GHSA-fqcm-97m6-w7rm | Severity: 8.7
`sendAttachment` and `setGroupIcon` message actions could hydrate media from local absolute paths when `sandboxRoot` was unset, bypassing in...

OpenClaw: Approval Bypass via Trailing Spaces on Executable Tokens
GHSA-hwpq-rrpf-pgcq | Severity: 8.7
`system.run` approvals in OpenClaw used rendered command text as the approval identity while trimming argv token whitespace. Runtime execu...

OpenClaw: Unauthorized Executable Run After Approved Action
GHSA-q399-23r3-hfx4 | Severity: 8.7
For `host=node` runs, approvals validated command context but did not pin executable identity for non-path-like `argv[0]` tokens (for exam...

OpenClaw Allows Malicious Internal Network Requests through Citation Redirect
GHSA-g99v-8hwm-g76g | Severity: 8.7
Gemini `web_search` citation redirect resolution used a private-network-allowing SSRF policy. A citation URL redirect could target loopbac...

OpenClaw allows unauthorized access to owner-only tools
GHSA-jr6x-2q95-fh2g | Severity: 8.7
An authorization mismatch allowed authenticated callers with `operator.write` access to invoke owner-only tool surfaces (`gateway`, `cron`...

OpenClaw: Files outside sandbox root can be read from media
GHSA-7xmq-g46g-f8pv | Severity: 8.7
Sandbox media handling had a time-of-check/time-of-use gap: media paths could be validated first and read later through a separate path. A...

OpenClaw: Files Can Be Created or Truncated Outside of Allowed Area
GHSA-x82f-27x3-q89c | Severity: 8.7
A symlink-retarget TOCTOU race in `writeFileWithinRoot` could point an attacker-controlled path alias outside the configured root between ...

Idno Allows Admins to Run Malicious Code on Server
CVE-2026-28507 / GHSA-37j7-56xc-c468 | Severity: 8.6
Affected Versions: Tested on current `dev` branch (build fingerprint `505[...]7bd86`). CVSS v4 Score: 8.6 ([CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N...

OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments
GHSA-5v6x-rfc3-7qfr | Severity: 8.5
A Windows `system.run` approval-integrity mismatch in the `cmd.exe /c` path could allow trailing arguments to execute while approval/audit...

Android ActivityManagerService vulnerable to local privilege escalation
CVE-2026-0047 | Severity: 8.4
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check...

Arbitrary Code Execution in mem_protect.c
CVE-2026-0038 | Severity: 8.4
In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local e...

Adobe Flash Player's ffa.c Code Has a Memory Corruption Risk
CVE-2026-0037 | Severity: 8.4
In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privile...

Out of Bounds Write Vulnerability in Adobe Acrobat mem_protect.c
CVE-2026-0031 | Severity: 8.4
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of pri...

Incorrect Bounds Check in Mem Protect Allows Local Privilege Escalation
CVE-2026-0030 | Severity: 8.4
In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local ...

Linux Kernel Vulnerability: Privilege Escalation Through Memory Corruption
CVE-2026-0029 | Severity: 8.4
In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege ...

Out of bounds write in mem_protect.c could lead to local privilege escalation
CVE-2026-0028 | Severity: 8.4
In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation o...