Common Weakness Enumeration

CWE-15

Allowed

External Control of System or Configuration Setting

Abstraction: Base · Status: Incomplete

One or more system settings or configuration elements can be externally controlled by a user.

136 vulnerabilities reference this CWE, most recent first.

GHSA-39PP-XP36-Q6MG

Vulnerability from github – Published: 2026-03-26 19:51 – Updated: 2026-04-10 19:41
VLAI
Summary
OpenClaw has Inconsistent Host Exec Environment Override Sanitization
Details

Summary

Gateway host exec env override handling did not consistently apply the shared host environment policy, so blocked or malformed override keys could slip through inconsistent sanitization paths.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: < 2026.3.22
  • Fixed: >= 2026.3.22
  • Latest released tag checked: v2026.3.23-2 (630f1479c44f78484dfa21bb407cbe6f171dac87)
  • Latest published npm version checked: 2026.3.23-2

Fix Commit(s)

  • 7abfff756d6c68d17e21d1657bbacbaec86de232

Release Status

The fix shipped in v2026.3.22 and remains present in v2026.3.23 and v2026.3.23-2.

Code-Level Confirmation

  • src/infra/host-env-security.ts now provides one shared sanitizer and fail-closed diagnostics for blocked or malformed override keys.
  • src/agents/bash-tools.exec.ts and src/node-host/invoke-system-run.ts both route env overrides through the shared sanitizer before execution.

OpenClaw thanks @zpbrent for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15",
      "CWE-693"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-26T19:51:12Z",
    "nvd_published_at": "2026-04-10T17:17:05Z",
    "severity": "HIGH"
  },
  "details": "## Summary\nGateway host exec env override handling did not consistently apply the shared host environment policy, so blocked or malformed override keys could slip through inconsistent sanitization paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: \u003c 2026.3.22\n- Fixed: \u003e= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `7abfff756d6c68d17e21d1657bbacbaec86de232`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/infra/host-env-security.ts now provides one shared sanitizer and fail-closed diagnostics for blocked or malformed override keys.\n- src/agents/bash-tools.exec.ts and src/node-host/invoke-system-run.ts both route env overrides through the shared sanitizer before execution.\n\nOpenClaw thanks @zpbrent for reporting.",
  "id": "GHSA-39pp-xp36-q6mg",
  "modified": "2026-04-10T19:41:04Z",
  "published": "2026-03-26T19:51:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-39pp-xp36-q6mg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35650"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/7abfff756d6c68d17e21d1657bbacbaec86de232"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-override-bypass-via-inconsistent-sanitization"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw has Inconsistent Host Exec Environment Override Sanitization"
}

GHSA-3QPV-XF3V-MM45

Vulnerability from github – Published: 2026-04-02 21:00 – Updated: 2026-05-06 23:22
VLAI
Summary
OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code
Details

Summary

Workspace .env can override the bundled hooks root and load attacker hook code

Current Maintainer Triage

  • Status: open
  • Normalized severity: high
  • Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_HOOKS_DIR, which can replace trusted default-on bundled hooks from an untrusted workspace.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published npm version: 2026.3.31
  • Vulnerable version range: <=2026.3.28
  • Patched versions: >= 2026.3.31
  • First stable tag containing the fix: v2026.3.31

Fix Commit(s)

  • 330a9f98cb29c79b1c16a2117e03d6276a0d6289 — 2026-03-31T19:25:12+09:00

OpenClaw thanks @nexrin for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.28"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15",
      "CWE-829"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-02T21:00:16Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Summary\nWorkspace `.env` can override the bundled hooks root and load attacker hook code\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_HOOKS_DIR, which can replace trusted default-on bundled hooks from an untrusted workspace.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.28`\n- Patched versions: `\u003e= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `330a9f98cb29c79b1c16a2117e03d6276a0d6289` \u2014 2026-03-31T19:25:12+09:00\n\nOpenClaw thanks @nexrin for reporting.",
  "id": "GHSA-3qpv-xf3v-mm45",
  "modified": "2026-05-06T23:22:25Z",
  "published": "2026-04-02T21:00:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3qpv-xf3v-mm45"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41336"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/330a9f98cb29c79b1c16a2117e03d6276a0d6289"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-hook-code-execution-via-openclaw-bundled-hooks-dir-environment-variable-override"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code"
}

GHSA-3QQR-CH4P-VC36

Vulnerability from github – Published: 2025-01-14 15:30 – Updated: 2025-11-04 00:32
VLAI
Details

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the ftp_name POST parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T15:15:24Z",
    "severity": "CRITICAL"
  },
  "details": "Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter.",
  "id": "GHSA-3qqr-ch4p-vc36",
  "modified": "2025-11-04T00:32:16Z",
  "published": "2025-01-14T15:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39788"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2056"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2056"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WCF-X7XM-RW82

Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18
VLAI
Details

Some API functions allow interaction with the registry, which includes reading values as well as data modification.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-22T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Some API functions allow interaction with the registry, which includes reading values as well as data modification.",
  "id": "GHSA-4wcf-x7xm-rw82",
  "modified": "2022-05-24T19:18:40Z",
  "published": "2022-05-24T19:18:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38453"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-292-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5429-V87Q-PG8H

Vulnerability from github – Published: 2026-01-13 03:32 – Updated: 2026-01-13 03:32
VLAI
Details

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T02:15:51Z",
    "severity": "MODERATE"
  },
  "details": "SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges  to send uploaded files to arbitrary emails which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application.",
  "id": "GHSA-5429-v87q-pg8h",
  "modified": "2026-01-13T03:32:08Z",
  "published": "2026-01-13T03:32:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0495"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3565506"
    },
    {
      "type": "WEB",
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-583G-G682-CRXF

Vulnerability from github – Published: 2024-02-09 15:19 – Updated: 2024-02-09 15:19
VLAI
Summary
Micronaut management endpoints vulnerable to drive-by localhost attack
Details

Summary

Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought.

Details

A malicious/compromised website can make HTTP requests to localhost. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered.

Impact

Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.micronaut:micronaut-http-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.micronaut:micronaut-http-server-netty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.micronaut:micronaut-http-server-tck"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-23639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15",
      "CWE-610",
      "CWE-664"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T15:19:15Z",
    "nvd_published_at": "2024-02-09T01:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nEnabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought.\n\n### Details\nA malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are [\"simple\"](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests) and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered.\n\n### Impact\nProduction environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development.\n",
  "id": "GHSA-583g-g682-crxf",
  "modified": "2024-02-09T15:19:15Z",
  "published": "2024-02-09T15:19:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23639"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/pull/8642"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/commit/01adb21e57137caaf7004313d2055c5a78b1f47b"
    },
    {
      "type": "WEB",
      "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/micronaut-projects/micronaut-core"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Micronaut management endpoints vulnerable to drive-by localhost attack"
}

GHSA-5CPH-WVM9-45GJ

Vulnerability from github – Published: 2024-11-21 22:21 – Updated: 2024-11-21 22:21
VLAI
Summary
Flowise OverrideConfig security vulnerability
Details

Impact

Flowise allows developers to inject configuration into the Chainflow during execution through the overrideConfig option. This is supported in both the frontend web integration and the backend Prediction API.

This has a range of fundamental issues that are a major security vulnerability. While this feature is intentional, it should have strong protections added and be disabled by default.

These issues include: 1. Remote code execution. While inside a sandbox this allows for 1. Sandbox escape 2. DoS by crashing the server 3. SSRF 2. Prompt Injection, both System and User 1. Full control over LLM prompts 2. Server variable and data exfiltration And many many more such as altering the flow of a conversation, prompt exfiltration via LLM proxying etc.

These issues are self-targeted and do not persist to other users but do leave the server and business exposed. All issues are shown with the API but also work with the web embed.

Workarounds

  • overrideConfig should be disabled by default
  • overrideConfig should have an explicit allow list of variables that are allowed to be modified. This way the user opts-in to where modifications can be made.
  • vm2 and any forks of it should be removed as in the authors own words, "fixing the vulnerability seems impossible". The recommended replacement is https://www.npmjs.com/package/isolated-vm
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "flowise"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-21T22:21:03Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nFlowise allows developers to inject configuration into the Chainflow during execution through the `overrideConfig` option. This is supported in both the frontend web integration and the backend Prediction API. \n\nThis has a range of fundamental issues that are a **major** security vulnerability. \nWhile this feature is intentional, it should have strong protections added and be disabled by default. \n\nThese issues include: \n1. Remote code execution. While inside a sandbox this allows for\n  1. Sandbox escape \n  2. DoS by crashing the server\n  3. SSRF\n2. Prompt Injection, both System and User\n  1. Full control over LLM prompts\n  2. Server variable and data exfiltration\nAnd many many more such as altering the flow of a conversation, prompt exfiltration via LLM proxying etc.\n\nThese issues are self-targeted and do not persist to other users but do leave the server and business exposed. \nAll issues are shown with the API but also work with the web embed.\n\n### Workarounds\n- `overrideConfig` should be disabled by default\n- `overrideConfig` should have an explicit allow list of variables that are allowed to be modified. This way the user opts-in to where modifications can be made. \n- `vm2` and any forks of it should be removed as in the authors own words, \"fixing the vulnerability seems impossible\". The recommended replacement is https://www.npmjs.com/package/isolated-vm",
  "id": "GHSA-5cph-wvm9-45gj",
  "modified": "2024-11-21T22:21:03Z",
  "published": "2024-11-21T22:21:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5cph-wvm9-45gj"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FlowiseAI/Flowise"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Flowise OverrideConfig security vulnerability"
}

GHSA-5GQQ-CH9P-4H64

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-18 15:31
VLAI
Details

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0418"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15",
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:16:59Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient configuration management in the listed devices\u00a0allows authenticated administrators connected to the local network\nto tamper with the system.",
  "id": "GHSA-5gqq-ch9p-4h64",
  "modified": "2026-06-18T15:31:55Z",
  "published": "2026-06-09T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0418"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax45"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax48"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax50"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax50s"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax75"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax80"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/raxe450"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/raxe500"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rbr750"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rbr840"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rbr850"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rbre960"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rbs750"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rbs840"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rbs850"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rbse960"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rs700"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/xr1000"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/cbr750"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/ex6120"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/ex6130"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/mr60"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/mr70"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/mr80"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/ms60"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/ms70"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/ms80"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax15"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax20"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax200"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax35v2"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax38v2"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax40v2"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax42"
    },
    {
      "type": "WEB",
      "url": "https://www.netgear.com/support/product/rax43"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:D/RE:L/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5H2C-8V84-QPVR

Vulnerability from github – Published: 2026-03-03 21:39 – Updated: 2026-03-03 21:39
VLAI
Summary
OpenClaw shell-env fallback trusted startup env and could execute attacker-influenced login-shell paths
Details

Summary

OpenClaw shell-env fallback trusted startup environment values and could execute attacker-influenced login-shell startup paths before loading env keys.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: >= 2026.1.5 and <= 2026.2.21-2
  • Fixed on main: 9363c320d8ffe29290906752fab92621da02c3f7
  • Planned patched release version (pre-set): 2026.2.22

Details

The vulnerable chain was in the shell-env fallback path:

  1. src/infra/shell-env.ts
  2. resolveShell(env) trusted env.SHELL when set.
  3. execLoginShellEnvZero(...) executed ${SHELL} -l -c "env -0" with inherited runtime env.

  4. src/config/io.ts

  5. Config env values were applied before shell fallback execution.

  6. src/config/env-vars.ts / env policy coverage

  7. SHELL handling was hardened, but startup-path selectors (HOME, ZDOTDIR) still needed explicit blocking in config env ingestion and sanitization for shell fallback execution.

With env/config influence, this could trigger unintended command execution in shell startup processing on the OpenClaw host process context.

Fix

Mainline hardening now: - blocks SHELL, HOME, and ZDOTDIR during config env ingestion used by runtime fallback, - sanitizes shell fallback execution env, pinning HOME to the real user home and dropping ZDOTDIR + dangerous startup vars, - adds regression tests for config env ingestion and shell fallback/path-probe sanitization.

Fix Commit(s)

  • 9363c320d8ffe29290906752fab92621da02c3f7

Impact

  • Local code-execution risk in environments where attacker-controlled env/config input can reach shell-env fallback.
  • Under OpenClaw trust assumptions (SECURITY.md), this is not a public-remote issue and depends on crossing local trusted-operator boundaries.

Release Process Note

patched_versions is intentionally pre-set to the planned next release (2026.2.22) so once npm release is out, maintainers can publish advisory immediately.

OpenClaw thanks @tdjackey for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-15",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T21:39:51Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nOpenClaw shell-env fallback trusted startup environment values and could execute attacker-influenced login-shell startup paths before loading env keys.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `\u003e= 2026.1.5` and `\u003c= 2026.2.21-2`\n- Fixed on `main`: `9363c320d8ffe29290906752fab92621da02c3f7`\n- Planned patched release version (pre-set): `2026.2.22`\n\n### Details\nThe vulnerable chain was in the shell-env fallback path:\n\n1. `src/infra/shell-env.ts`\n- `resolveShell(env)` trusted `env.SHELL` when set.\n- `execLoginShellEnvZero(...)` executed `${SHELL} -l -c \"env -0\"` with inherited runtime env.\n\n2. `src/config/io.ts`\n- Config env values were applied before shell fallback execution.\n\n3. `src/config/env-vars.ts` / env policy coverage\n- `SHELL` handling was hardened, but startup-path selectors (`HOME`, `ZDOTDIR`) still needed explicit blocking in config env ingestion and sanitization for shell fallback execution.\n\nWith env/config influence, this could trigger unintended command execution in shell startup processing on the OpenClaw host process context.\n\n### Fix\nMainline hardening now:\n- blocks `SHELL`, `HOME`, and `ZDOTDIR` during config env ingestion used by runtime fallback,\n- sanitizes shell fallback execution env, pinning `HOME` to the real user home and dropping `ZDOTDIR` + dangerous startup vars,\n- adds regression tests for config env ingestion and shell fallback/path-probe sanitization.\n\n### Fix Commit(s)\n- `9363c320d8ffe29290906752fab92621da02c3f7`\n\n### Impact\n- Local code-execution risk in environments where attacker-controlled env/config input can reach shell-env fallback.\n- Under OpenClaw trust assumptions (`SECURITY.md`), this is not a public-remote issue and depends on crossing local trusted-operator boundaries.\n\n### Release Process Note\n`patched_versions` is intentionally pre-set to the planned next release (`2026.2.22`) so once npm release is out, maintainers can publish advisory immediately.\n\nOpenClaw thanks @tdjackey for reporting.",
  "id": "GHSA-5h2c-8v84-qpvr",
  "modified": "2026-03-03T21:39:51Z",
  "published": "2026-03-03T21:39:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h2c-8v84-qpvr"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/9363c320d8ffe29290906752fab92621da02c3f7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaw shell-env fallback trusted startup env and could execute attacker-influenced login-shell paths"
}

GHSA-5WMQ-F28X-GGG6

Vulnerability from github – Published: 2025-01-14 15:30 – Updated: 2025-11-04 00:32
VLAI
Details

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the ftp_max_sessions POST parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T15:15:24Z",
    "severity": "CRITICAL"
  },
  "details": "Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_max_sessions` POST parameter.",
  "id": "GHSA-5wmq-f28x-ggg6",
  "modified": "2025-11-04T00:32:17Z",
  "published": "2025-01-14T15:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39790"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2056"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2056"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation
Implementation Architecture and Design

Because setting manipulation covers a diverse set of functions, any attempt at illustrating it will inevitably be incomplete. Rather than searching for a tight-knit relationship between the functions addressed in the setting manipulation category, take a step back and consider the sorts of system values that an attacker should not be allowed to control.

Mitigation
Implementation Architecture and Design

In general, do not allow user-provided or otherwise untrusted data to control sensitive values. The leverage that an attacker gains by controlling these values is not always immediately obvious, but do not underestimate the creativity of the attacker.

CAPEC-13: Subverting Environment Variable Values

The adversary directly or indirectly modifies environment variables used by or controlling the target software. The adversary's goal is to cause the target software to deviate from its expected operation in a manner that benefits the adversary.

CAPEC-146: XML Schema Poisoning

An adversary corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the target. XML Schemas provide the structure and content definitions for XML documents. Schema poisoning is the ability to manipulate a schema either by replacing or modifying it to compromise the programs that process documents that use this schema.

CAPEC-176: Configuration/Environment Manipulation

An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.

CAPEC-203: Manipulate Registry Information

An adversary exploits a weakness in authorization in order to modify content within a registry (e.g., Windows Registry, Mac plist, application registry). Editing registry information can permit the adversary to hide configuration information or remove indicators of compromise to cover up activity. Many applications utilize registries to store configuration and service information. As such, modification of registry information can affect individual services (affecting billing, authorization, or even allowing for identity spoofing) or the overall configuration of a targeted application. For example, both Java RMI and SOAP use registries to track available services. Changing registry values is sometimes a preliminary step towards completing another attack pattern, but given the long term usage of many registry values, manipulation of registry information could be its own end.

CAPEC-270: Modification of Registry Run Keys

An adversary adds a new entry to the "run keys" in the Windows registry so that an application of their choosing is executed when a user logs in. In this way, the adversary can get their executable to operate and run on the target system with the authorized user's level of permissions. This attack is a good way for an adversary to run persistent spyware on a user's machine, such as a keylogger.

CAPEC-271: Schema Poisoning

An adversary corrupts or modifies the content of a schema for the purpose of undermining the security of the target. Schemas provide the structure and content definitions for resources used by an application. By replacing or modifying a schema, the adversary can affect how the application handles or interprets a resource, often leading to possible denial of service, entering into an unexpected state, or recording incomplete data.

CAPEC-579: Replace Winlogon Helper DLL

Winlogon is a part of Windows that performs logon actions. In Windows systems prior to Windows Vista, a registry key can be modified that causes Winlogon to load a DLL on startup. Adversaries may take advantage of this feature to load adversarial code at startup.

CAPEC-69: Target Programs with Elevated Privileges

This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.