CVE Vulnerabilities - 3 March 2026

282 vulnerabilities published on 3 March 2026

OpenClaw allows intrusion via IPv6 multicast addresses
GHSA-h97f-6pqj-q452
Summary: OpenClaw's SSRF IP classifier did not treat IPv6 multicast literals (`ff00::/8`) as blocked/private-internal. This allowed literal multica...
6.3
Nmap Server at Risk of Remote Command Injection
CVE-2026-3484 GHSA-xc68-rrqc-qgq3
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function ...
5.3
AliasVault Web Client: Malicious Emails Can Execute Code
CVE-2026-26266
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting (XSS) vulnerability was identified in the e...
6.1
GLPI Inventory Plugin: Malicious Code Injection Through Reflected XSS
CVE-2026-25590
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a r...
6.1
DOMPurify: Unprotected HTML Code Can Execute Malicious Scripts
CVE-2026-0540 GHSA-v2wj-7wpq-c8vv
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 2.5.9 and 3.3.2, contain a cross-site scripting vulnerability that allows attackers to...
7.5
DOMPurify: Malicious Code Injection Through Sanitized Text
CVE-2025-15599 GHSA-v8jm-5vwx-cfxm
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitizat...
7.5
OpenClaw allows attackers to read outside sandbox boundary
GHSA-33hm-cq8r-wc49
Summary: Sandbox media local-path validation accepted absolute paths under host tmp, even when those paths were outside the active sandbox root. #...
6.1
OpenSTAManager: Hackers Can Steal User Sessions and Data
CVE-2026-24415 GHSA-jfgp-g7x7-j25j
Summary: Multiple Reflected Cross-Site Scripting (XSS) vulnerabilities in OpenSTAManager v2.9.8 allow unauthenticated attackers to execute arbitra...
5.1
Fireware OS Web UI Clicking Malicious Links Can Execute Unauthorized Code
CVE-2026-3343
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenti...
5.1
Mailparser Allows Malicious Email Code to Run on Your Browser
CVE-2026-3455 GHSA-7gmj-h9xc-mcxc
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function due to the improper sanitis...
2.0
OpenClaw: Leaked Credentials Allow Privileged Access Over Plain HTTP
GHSA-3cvx-236h-m9fj
Description: In affected releases, when an operator explicitly enabled `gateway.controlUi.allowInsecureAuth: true` and exposed the gateway over pla...
5.9
Discord Voice Chat Allows Non-Owners to Access Sensitive Tools
GHSA-wpg9-4g4v-f9rc
Summary: In `[email protected]`, the Discord voice transcript path called `agentCommand(...)` without `senderIsOwner`, and `agentCommand` defaults ...
5.9
IBM MQ Appliance 9.4 Can Be Exploited by Malicious Users
CVE-2025-14456
IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1...
5.9
IBM App Connect Operator: Sensitive Data Sent in Plain Text
CVE-2025-13490
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterp...
5.9
AWS-LC Library Leaks Information Through Encryption Speed
GHSA-65p9-r9h6-22vj
Summary: AWS-LC is an open-source, general-purpose cryptographic library. Impact: Observable timing discrepancy in AES-CCM decryption in AWS-LC...
8.2
Dataease SQLBot JWT Token Handler signature verification bypass
CVE-2025-15598
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.p...
6.3
OpenClaw Allows Malicious Commands via Env Wrapper
GHSA-796m-2973-wc5q
Summary: `tools.exec` allowlist/safe-bins evaluation could diverge from runtime execution for wrapper commands using GNU `env -S/--split-string` se...
5.7
OpenClaw's browser-origin WebSocket auth gap on local loopback deployments
GHSA-jmmg-jqc7-5qf4
This issue is a browser-origin WebSocket auth chain on local loopback deployments using password auth. It is serious, but conditional: an attacker mus...
5.7
OpenClaw allows unauthorized file access when configured for sandbox mode
GHSA-27cr-4p5m-74rj
A workspace-only file-system guard mismatch allowed `@`-prefixed absolute paths to bypass boundary validation in some tool path checks. Impact: Wh...
5.7
OpenClaw Gateway Token Leaked on Shared-User Installs
GHSA-v3j7-34xh-6g3w
Summary: A local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback. Details: Affected versions inje...
5.7
Inno Setup: Malicious DLL Can Take Over Privileged Access
CVE-2025-15595
Privilege escalation via DLL hijacking in Inno Setup 6.2.1 and earlier versions....
5.7
Command Centre Mobile Client stores sensitive data in plain text, risking data theft
CVE-2025-47147
Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a l...
5.7
Gallagher VMS Integrations Expose Live Video Streams to Local Network Users
CVE-2026-20801
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations all...
5.6
OpenClaw tar file safety checks bypassed, local service impact
GHSA-77hf-7fqf-f227
Summary: The `tar.bz2` installer path in `src/agents/skills-install-download.ts` used shell tar preflight/extract logic that did not share the same...
5.5
OpenClaw: Node camera URL payload host-binding bypass allowed gateway fetch pivots
GHSA-2858-xg23-26fp
Summary: OpenClaw accepted `camera.snap` / `camera.clip` node payload `url` fields and downloaded them on the gateway/agent host without binding do...
5.5