CVE Vulnerabilities - 3 March 2026
280 vulnerabilities published on 3 March 2026
LLM-Claw Agent Deployment Function Allows Remote Code Execution
CVE-2025-12345
A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the fil...
7.4
Page Builder by SiteOrigin plugin for WordPress allows attackers to access server files
CVE-2026-2448
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_...
8.8
WordPress plugin allows attackers to gain admin access via password reset
CVE-2026-1566
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in a...
8.8
OpenClaw ZIP Extraction Can Write Outside Intended Directory
GHSA-r54r-wmmq-mh84
### Summary
ZIP extraction in OpenClaw could be raced into writing outside the intended destination directory via parent-directory symlink rebind betw...
8.7
iMessage Attachment Path Validation Bypass in OpenClaw
GHSA-x9cf-3w63-rpq9
### Summary
When iMessage remote attachment fetching is enabled (`channels.imessage.remoteHost`), `stageSandboxMedia` accepted arbitrary absolute path...
8.7
OpenClaw System Runs Can Be Hijacked Via Symlink Attack
GHSA-mwcg-wfq3-4gjc
### Summary
In `[email protected]`, approval-bound `system.run` on node hosts could be influenced by mutable symlink `cwd` targets between approval a...
8.7
OpenClaw MSTeams Attachment Redirect Bypass on Allowlisted Hosts
GHSA-w76h-8m22-hpgh
## Summary
In OpenClaw MSTeams media download flows, redirect handling could bypass configured `mediaAllowHosts` checks in specific attachment paths. ...
8.7
Mitsubishi Electric MELSEC iQ-F Series: Remote Denial of Service
CVE-2026-1876
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all ...
8.7
Mitsubishi Electric MELSEC iQ-F Series Products Can Crash with Malicious UDP Packets
CVE-2026-1875
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versi...
8.7
Mitsubishi Electric MELSEC Modules: Remote DoS Attack Possible
CVE-2026-1874
Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/...
8.7
OpenClaw allows attackers to inject code during startup
GHSA-8fmp-37rc-p5g7
### Summary
OpenClaw allowed dangerous process-control environment variables from `env.vars` (for example `NODE_OPTIONS`, `LD_*`, `DYLD_*`) to flow in...
8.6
OpenClaw's system.run Command Can Execute Hidden Commands
GHSA-6rcp-vxwf-3mfp
### Summary
In `openclaw` up to and including **2026.2.23** (latest npm release as of **February 25, 2026**), `system.run` shell-wrapper inputs could ...
8.6
OpenClaw Windows Lobster Tool Allows Malicious Code Execution
GHSA-7fcc-cw49-xm78
## Summary
The Lobster extension tool execution path used a Windows shell fallback (`shell: true`) after spawn failures (`EINVAL`/`ENOENT`). In that ...
8.6
OpenClaw Windows Scheduled Task Generation Allows Unwanted Command Execution
GHSA-mqr9-vqhq-3jxw
### Summary
OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated `gateway.cmd` files. In vulnerable version...
8.5
OpenClaw allows execution of malicious programs from Homebrew directory
GHSA-p4wh-cr8m-gm6c
### Summary
`shell-env` fallback trusted prefix-based executable paths for `$SHELL`, allowing execution of attacker-controlled binaries in local/runti...
8.5
OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)
GHSA-5gj7-jf77-q2q2
### Summary
In `openclaw<=2026.2.23`, safe-bin trust in allowlist mode relied on static default trusted directories that included package-manager path...
8.5
iBoysoft NTFS for Mac: Unauthenticated Root Access via Local Service
CVE-2026-2637
iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnect...
8.5
OpenClaw Docker Images Run as Root
GHSA-w7j5-j98m-w679
Three Dockerfiles in scripts/docker/ and scripts/e2e/ lack a USER directive, meaning all processes run as uid 0 (root). If any process is compromised,...
8.4
Nokia IMPACT: Attacker can access sensitive database data
CVE-2021-35484
Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpo...
8.2
Poly Voice Device Test Key and Certificate Exposed to Unauthorized Access
CVE-2026-0754
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certifica...
8.2
FreeScout 1.8.206 and earlier allows malicious file uploads
CVE-2026-28289
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.20...
8.1
OpenEMR Leaks Secrets, Exposing Payment Gateway Access
CVE-2026-25146
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at lea...
8.1
OpenClaw: Unauthorized Access to Host ACP
GHSA-474h-prjg-mmw3
### Summary
Sandboxed `sessions_spawn(runtime="acp")` could bypass sandbox inheritance and initialize host-side ACP runtime. The fix now fail-closes A...
8.1
Nokia IMPACT allows attackers to change settings through fake requests
CVE-2021-35486
A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrit...
8.1
Libbiosig 3.9.2 and Master Branch: Malicious Files Can Run Unwanted Code
CVE-2026-20777
A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db...
8.1