CVE Vulnerabilities - 3 April 2026
74 vulnerabilities published on 3 April 2026
Severity:
Azure Databricks: Unauthenticated Network Access from Application
CVE-2026-33107
An attacker can use Azure Databricks to access and control systems on your network without permission. This could allow them to steal data, disrupt operations, or install malware. To protect your comp...
10.0
Microsoft Azure Kubernetes Service Unauthorized Privilege Escalation
CVE-2026-33105
An attacker can access and control Azure Kubernetes Service resources without permission, potentially leading to unauthorized changes or data breaches. This affects organizations that use Azure Kubern...
10.0
Azure AI Foundry Privilege Elevation via Unauthorized Access
CVE-2026-32213
An unauthorized user can gain elevated privileges on a network by exploiting a weakness in Azure AI Foundry's authorization process. This means they could potentially access or tamper with sensitive d...
10.0
Azure Custom Locations RP Allows Privilege Elevation Over Network
CVE-2026-26135
An attacker with permission to manage Azure Custom Locations can use this issue to gain control over network resources. This could allow them to access sensitive data or disrupt services. Users should...
9.6
OpenClaw: Attackers Can Escape From the Safe Sandbox
GHSA-9p3r-hh9g-5cmg
A security issue in OpenClaw allows attackers to escape from a safe area of the system and access sensitive information. This affects users who are running version 2026.3.28 or earlier of the OpenClaw...
9.4
OpenClaw: Files Accessed Outside of Safe Area
GHSA-cwf8-44x6-32c2
OpenClaw software allows attackers to access files outside a safe area, potentially leading to unauthorized data access or modification. This issue affects versions of OpenClaw installed through npm b...
9.4
Azure MCP Server Exposes Critical Data to Unauthorized Access
CVE-2026-32211
A mistake in Azure MCP Server's authentication process makes it possible for unauthorized users to access sensitive information over the network. This means that an attacker could potentially see conf...
9.1
OpenClaw: Workspace Environment Variables Can Override Plugin Trust
GHSA-qcj9-wwgw-6gm8
If an attacker controls the workspace environment variables, they can potentially bypass security settings in OpenClaw. This is a high-risk issue, but it requires an attacker to have control over the ...
8.9
OpenClaw: Untrusted Node Access Can Lead to Gateway Takeover
GHSA-gjm7-hw8f-73rq
An attacker can take control of a gateway computer if they have access to a paired node that is not properly secured. This is a serious issue because it allows an attacker to execute arbitrary code on...
8.7
OpenClaw: Unrestricted File Sync and Symlink Traversal Risks Malicious File Access
GHSA-cwf8-44x6-32c2
OpenClaw versions up to 2026.3.28 have a security flaw that allows a hacker to access and manipulate files on the system. This is due to unrestricted file syncing and the ability to create symlinks, w...
8.7
OpenClaw: Unbound Bootstrapping Allows Unauthorized Access
GHSA-gg9v-mgcp-v6m7
The OpenClaw software has a security weakness that could allow an attacker to gain more access than they should during the initial setup process. This is a serious issue, as it could potentially lead ...
8.6
OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode
GHSA-g374-mggx-p6xc
## Summary
Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode
## Current Maintainer Triage
- Normalized severity: high
- Assessment: v2026.3.28 still misses tr...
8.6
Azure SRE Agent: Unauthorized Access to Network Data
CVE-2026-32173
An attacker without permission can exploit a weakness in the Azure SRE Agent to access sensitive information sent over a network. This could lead to the exposure of confidential da...
8.6
OpenClaw Media Download Exposes Authorization Headers in Redirects
GHSA-68v4-hmwv-f43h
A security issue in OpenClaw version 2026.3.28 and earlier allows attackers to steal sensitive information when a user downloads media from a different website. This is a medium-risk vulnerability tha...
8.3
Electron apps: Video frame transfer via contextBridge can give attackers control
GHSA-jfqg-hf23-qpw2
CVE-2026-34780
Electron apps that share video data between browser and Node.js environments are at risk of being compromised by an attacker who can inject malicious code. To fix, avoid sharing video frames directly ...
8.3
OpenClaw: LLM Agent Can Disable Exec Approval without User Consent
GHSA-v3qc-wrwx-j3pw
A security issue was found in OpenClaw, a library used by developers. A malicious agent could bypass the need for user approval to execute certain actions, potentially leading to unauthorized changes....
8.2
Electron: Using child windows with offscreen rendering can crash apps
GHSA-532v-xpq5-8h95
CVE-2026-34774
If you're using Electron to create apps with child windows and also render content offscreen, be aware that this setup can cause your app to crash or become unstable. To fix this, make sure to close c...
8.1
OpenClaw Discord Audio Processing Exposes User Data Before Authorization
GHSA-hhff-fj5f-qg48
The OpenClaw software processes Discord audio before checking if the user is authorized, potentially exposing sensitive information. This could happen to anyone using an outdated version of OpenClaw. ...
7.8
OpenClaw: Unpaired Device Can Access Host Privileges
GHSA-xj9w-5r6q-x6v4
An unsecured device can access sensitive host commands, potentially allowing an attacker to take control of the host system. This vulnerability affects devices paired with OpenClaw version 2026.3.28 o...
7.7
Electron: Malicious Code Can Bypass Security Settings
GHSA-9wfr-w7mm-pc7f
CVE-2026-34769
If you use Electron to build desktop apps, be careful when using user input to configure your app's settings. An attacker could trick your app into disabling security features by injecting malicious c...
7.7
OpenClaw Node Browser Proxy Allows Bypass of Access Controls
GHSA-h5hg-h7rr-gpf3
A security issue in OpenClaw's node browser proxy allows an attacker to bypass access controls and gain unauthorized access to profiles. This means that sensitive data may be exposed if you're using a...
7.6
Electron: Apps may crash when handling fullscreen or pointer-lock requests
GHSA-8337-3p73-46f4
CVE-2026-34771
Some Electron apps that ask users for permission to use their computer in fullscreen, pointer-lock, or keyboard-lock mode may crash or become unstable if a user navigates away or closes the window whi...
7.5
Sudo: Privilege Escalation from Setuid/setgid/setgroups Failure
CVE-2026-35535
The Sudo software has a security issue where certain errors during user privilege changes can lead to unauthorized access. This affects users who rely on Sudo for secure access to system features. To ...
7.4
OpenClaw: Untrusted Model Can Hijack Compiler Binaries
GHSA-g8xp-qx39-9jq9
A security flaw in OpenClaw allows an untrusted model to replace critical compiler binaries, which could potentially lead to malicious code being executed. This issue affects versions of OpenClaw up t...
7.3
OpenClaw: Workspace .env File Can Override Trust Settings
GHSA-qcj9-wwgw-6gm8
A high-risk issue exists in OpenClaw versions up to 2026.3.28, where a workspace's .env file can override the trust settings for bundled plugins. This could allow an attacker to gain unauthorized acce...
7.3