CVE Vulnerabilities - 13 March 2026
98 vulnerabilities published on 13 March 2026
OpenClaw: Shared Users Can Access Admin Features
GHSA-rqpp-rjj8-7wv8
### Summary
A logic flaw in the OpenClaw gateway WebSocket connect path allowed certain device-less shared-token or password-authenticated backend co...
10.0
ClickHouse SQL Injection in OneUptime Telemetry API
GHSA-p5g2-jm85-8g35
CVE-2026-32306
### Summary
The telemetry aggregation API accepts user-controlled `aggregationType`, `aggregateColumnName`, and `aggregationTimestampColumnName` para...
10.0
OpenClaw allows unauthorized device token creation with elevated access
GHSA-4jpw-hj22-2xmc
## Summary
In affected versions of `openclaw`, a caller holding only `operator.pairing` could use `device.token.rotate` to mint a new token with broad...
10.0
SandboxJS allows attackers to execute arbitrary system commands
GHSA-6r9f-759j-hjgv
CVE-2026-26954
### Summary
It is possible to obtain arrays containing `Function`, which allows escaping the sandbox.
### Details
There are various ways to get an ...
10.0
Apollo Federation: Malicious Data Can Affect Multiple Requests
GHSA-pfjj-6f4p-rvmh
CVE-2026-32621
### Impact
A vulnerability exists in query plan execution within the gateway that may allow pollution of `Object.prototype` in certain scenarios. A m...
9.9
Locutus: Create Function Allows Unrestricted Code Execution
GHSA-vh9h-29pq-r5m8
CVE-2026-32304
## Summary
The `create_function(args, code)` function passes both parameters directly to the `Function` constructor without any sanitization, allowin...
9.8
OpenClaw: Unauthorized Access to Admin Actions through Plugin Routes
GHSA-xw77-45gv-p728
## Summary
In affected versions of `openclaw`, the plugin subagent runtime dispatched gateway methods through a synthetic operator client that always ...
9.4
Centrifugo: Malicious JWT Can Hijack Outbound HTTP Requests
GHSA-j77h-rr39-c552
CVE-2026-32301
### Summary
Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (...
9.3
Dagu: Malicious Input Can Delete Important Files
GHSA-m4q3-457p-hh2x
CVE-2026-31886
## 1. Vulnerability Summary
The `dagRunId` request field accepted by the inline DAG execution endpoints is passed directly into `filepath.Join` to co...
9.1
Argo Workflows bypasses security settings with certain configuration
CVE-2026-31892
GHSA-3wf5-g532-rcrr
BIT-argo-workflows-2026-31892
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11...
8.9
OpenClaw: Non-owner operator can run code outside intended workspace
GHSA-2rqg-gjgv-84jm
### Summary
The public gateway `agent` RPC allowed an authenticated operator with `operator.write` to supply attacker-controlled `spawnedBy` and `wor...
8.8
OpenClaw Configuration and Debugging Pages Accessible to Authorized Users
GHSA-r7vr-gr74-94p8
### Summary
OpenClaw documented `/config` and `/debug` as owner-only commands, but the command handlers checked only whether the sender was command-a...
8.8
OpenClaw: Malicious subagents can hijack sibling sessions
GHSA-4w7m-58cg-cmff
## Summary
In affected versions of `openclaw`, sandboxed leaf subagents could still access the `subagents` control surface and resolve against the par...
8.8
Google Chromium Web Browser Can Run Malicious Code
CVE-2026-3910
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacke...
8.8
KEV
Google Skia: Malicious Webpage Can Crash or Steal Data
CVE-2026-3909
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML...
8.8
KEV
Google Clasp on Your Machine Can Run Malicious Code
GHSA-hqjg-pww4-pcgq
CVE-2026-4092
### Impact
Allows an attacker to perform a "Path Traversal" attack to modify files outside the projects directory, potentially allowing for running at...
8.7
SimpleEval: Malicious modules can be accessed in sandbox
GHSA-44vg-5wv2-h2hg
CVE-2026-32640
### Impact
If the objects passed in as `names` to SimpleEval have modules or other disallowed / dangerous objects available as attrs.
Additionally, da...
8.7
Yamux can be crashed by a malicious data frame
GHSA-vxx9-2994-q338
CVE-2026-32314
### Summary
The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than ...
8.7
Yamux Remote Crash via Malformed Window Update
GHSA-4w32-2493-32g7
CVE-2026-31814
### Summary
The Rust implementation of Yamux accepts `WindowUpdate` credit values from the remote peer and applies them to per-stream send-window state...
8.7
Poseidon V1 allows easier creation of fake data
CVE-2026-32129
GHSA-g2p6-hh5v-7hfm
## Impact
Poseidon V1 (`PoseidonSponge`) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the spong...
8.7
Angular: Malicious Code Can Be Injected Through Sensitive Attributes
GHSA-g93w-mfhg-p222
CVE-2026-32635
A Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sen...
8.6
Feishu Webhook in OpenClaw Can Accept Fake Events
GHSA-g353-mgv3-8pcj
### Summary
Feishu webhook mode allowed deployments that configured only `verificationToken` without `encryptKey`. In that state, forged inbound even...
8.6
OpenClaw: Running OpenClaw in untrusted repositories can execute malicious code
GHSA-99qw-6mr3-36qr
### Summary
OpenClaw automatically discovered and loaded plugins from `.openclaw/extensions/` inside the current workspace without an explicit trust ...
8.5
OpenClaw: Unsecured Session Access in Subagents
GHSA-wcxr-59v9-rxr8
### Summary
The built-in `session_status` tool did not enforce the intended session-visibility boundary. A sandboxed subagent could supply another se...
8.4
SimpleSAMLphp Unencrypted XML Data Exposure Due to Authentication Tag Validation Issue
GHSA-r353-4845-pr5p
CVE-2026-32600
### Summary
XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length.
An attacker ca...
8.2