9.4
CVE-2026-32922 - OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate
OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokensβ¦
6.9
CVE-2026-32919 - OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holding β¦
9.2
CVE-2026-32918 - OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persβ¦
9.3
CVE-2026-32915 - OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause exeβ¦
8.7
CVE-2026-32914 - OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints
OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modify privileged configuration settings restricted toβ¦
8.7
CVE-2026-5044 - Belkin F9K1122 Setting formSetSystemSettings stack-based overflow
A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be executeβ¦
8.7
CVE-2026-5043 - Belkin F9K1122 Parameter formSetPassword stack-based overflow
A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote exploitation of the attack is pβ¦
8.7
CVE-2026-5042 - Belkin F9K1122 Parameter formCrossBandSwitch stack-based overflow
A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launβ¦
5.1
CVE-2026-5041 - code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection
A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The exploiβ¦
4.8
CVE-2026-5037 - mxml mxmlIndexNew mxml-index.c index_sort stack-based overflow
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit hasβ¦