6.1
CVE-2026-26963 - Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption ar…
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6.
6.9
CVE-2026-26957 - Libredesk has an SSRF Vulnerability via Webhooks
Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal des…
5.8
CVE-2026-27009 - OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline scrip…
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a stored XSS issue existed in the OpenClaw Control UI when rendering assistant identity (name/avatar) into an inline `<script>` tag without script-context-safe escaping. A crafted value containing `</script>` could break out of the script tag…
6.8
CVE-2026-27008 - OpenClaw hardened the skill download target directory validation
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in `download` skill installation allowed `targetDir` values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the admin-only `skills.install` flow, this could write files outsi…
4.8
CVE-2026-27007 - OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenCl…
6.9
CVE-2026-27004 - OpenClaw session tool visibility hardening and Telegram webhook secret fallback
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools (`sessions_list`, `sessions_history`, `sessions_send`) allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue…
7.8
CVE-2026-26959 - ADB Explorer Vulnerable to RCE via Insufficient Input Validation
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with the privileges of the current user. An attacker can e…
6.9
CVE-2026-27003 - OpenClaw: Telegram bot token exposure via logs
OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces (for example, when request URLs include `https://api.telegram.org/bot<token>/...`). Prior to version 2026.2.15, OpenClaw logged these strings without redaction, which could leak the bot token into…
7.7
CVE-2026-27002 - OpenClaw: Docker container escape via unvalidated bind mount config injection
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block…
6.5
CVE-2026-2350 - Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and …
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.