Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

GHSA-q58p-x48c-c32cCVE-2026-62203
0

OpenClaw versions before 2026.6.6 have a vulnerability in the host exec environment variable filtering that fails to properly sanitize rustup startup variables. This flaw allows attackers with limited trust or specific input path configurations to execute or persist actions beyond their authorized level. The vulnerability is categorized under CWE-184 (Improper Access Control) and is assessed as high severity.

Join the discussion
GHSA-q7vf-83cx-xc54CVE-2026-62205
0

OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability in the MS Teams message actions feature. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path can perform actions that should have required a stronger authorization or policy check. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path. The issue is fixed in 2026.6.6.

Join the discussion
GHSA-qhfj-5gcr-fpxqCVE-2026-62202
0

OpenClaw versions 2026.6.1 before 2026.6.9 contain a privilege escalation vulnerability in isolated cron jobs that allows lower-trust callers to regain denied execution tools. Attackers can execute or persist actions beyond their intended authorization by leveraging misconfigured input paths in the affected cron feature.

Join the discussion
GHSA-8x5v-5gh2-qr2jCVE-2026-62209
0

OpenClaw versions before 2026.6.5 contain an authorization bypass vulnerability in the ClickClack agent-mode dispatch feature. This flaw allows the toolsAllow policy check to be ignored, potentially enabling lower-trust callers or configured input paths to perform actions requiring stronger authorization. The vulnerability is categorized under CWE-863 (Incorrect Authorization). No patch or fix information is currently provided.

Join the discussion
GHSA-4cxx-m26f-jmx8CVE-2026-62218
0

OpenClaw versions before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature. This flaw allows lower-trust callers to bypass role-management checks and perform actions that normally require stronger authorization.

Join the discussion
GHSA-rv8f-q23g-2wjxCVE-2026-62217
0

OpenClaw versions before 2026.5.27 contain an authorization flaw in the QQBot exec approvals feature. This flaw allows lower-trust callers or configured input paths to execute or persist actions beyond their intended authorization. As a result, non-allowlisted senders may perform unauthorized operations when the feature is enabled and reachable.

Join the discussion
GHSA-7m8v-vm4p-2vf4CVE-2026-62222
0

OpenClaw versions before 2026.5.22 have a vulnerability in the setup-mode discovery process that permits loading untrusted workspace plugins. This flaw allows attackers with lower-trust caller access or control over configured input paths to execute or maintain actions beyond their authorized level.

Join the discussion
GHSA-7x86-836h-h8c5CVE-2026-62190
0

OpenClaw versions before 2026.6.9 have an authorization bypass vulnerability in the flock wrapper. This flaw allows lower-trust callers to perform or persist actions beyond their intended permissions by exploiting configured input paths. The vulnerability occurs when the affected feature is enabled, enabling attackers to bypass durable exec approval binding and carry out unauthorized operations.

Join the discussion
GHSA-j48q-3j3c-39frCVE-2026-62192
0

OpenClaw versions 2026.6.6 before 2026.6.9 have an authorization bypass vulnerability affecting Discord guild actions. This flaw allows lower-trust callers to perform actions that normally require stronger authorization. The vulnerability arises from misconfigured input paths that enable skipping cross-provider requester authorization, leading to execution of restricted operations.

Join the discussion
GHSA-qhh8-mfpm-5j6cCVE-2026-62186
0

OpenClaw versions before 2026.6.8 have an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides. This flaw allows lower-trust callers to perform actions that normally require stronger authorization. Exploitation involves misconfigured input paths that bypass admin authorization policies and enable execution of restricted operations.

Join the discussion

Showing 1 to 10 of 15 results

Filters:Package: pkg:github/openclaw/openclaw
Page 1 of 2
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses