6.5
CVE-2026-1292 - Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
8.6
CVE-2026-27001 - OpenClaw: Unsanitized CWD path injection into LLM prompts
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters (for example…
5.3
CVE-2026-2605 - Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
4.7
CVE-2026-2408 - Use-after-free in Cloud Workloads
Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.
6.3
CVE-2026-2435 - ASSET-7706
Tanium addressed a SQL injection vulnerability in Asset.
6.7
CVE-2026-26972 - OpenClaw has a Path Traversal in Browser Download Functionality
OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads direc…
7.1
CVE-2026-26329 - OpenClaw has a path traversal in browser upload allows local file read
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's `upload` action. The server passed these paths to Playwright's `setInputFiles()` APIs…
6.5
CVE-2026-26328 - OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue.
1.7
CVE-2026-26958 - filippo.io/edwards25519 MultiScalarMult function produces invalid results or undefined behavior if …
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult …
7.1
CVE-2026-26327 - OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning
OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning …