Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CVE-2026-5124 (GCVE-0-2026-5124)
Vulnerability from cvelistv5 – Published: 2026-03-30 16:15 – Updated: 2026-03-30 18:39 X_Open Source
VLAI
Title
osrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access control
Summary
A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is told to be difficult. The identifier of the patch is f0f24a2a901cbf159260698211ab15c583ced131. To fix this issue, it is recommended to deploy a patch.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/354156 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/354156/cti | signaturepermissions-required |
| https://vuldb.com/submit/780189 | third-party-advisory |
| https://github.com/osrg/gobgp/pull/3340 | issue-trackingpatch |
| https://github.com/osrg/gobgp/commit/f0f24a2a901c… | patch |
| https://github.com/osrg/gobgp/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T18:39:39.298762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T18:39:46.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"BGP Header Handler"
],
"product": "GoBGP",
"vendor": "osrg",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sunxj (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is told to be difficult. The identifier of the patch is f0f24a2a901cbf159260698211ab15c583ced131. To fix this issue, it is recommended to deploy a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T16:15:12.565Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-354156 | osrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/354156"
},
{
"name": "VDB-354156 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/354156/cti"
},
{
"name": "Submit #780189 | osrg GoBGP 4.3.0 Improper Input Validation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/780189"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/osrg/gobgp/pull/3340"
},
{
"tags": [
"patch"
],
"url": "https://github.com/osrg/gobgp/commit/f0f24a2a901cbf159260698211ab15c583ced131"
},
{
"tags": [
"product"
],
"url": "https://github.com/osrg/gobgp/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-03-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-30T09:55:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "osrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5124",
"datePublished": "2026-03-30T16:15:12.565Z",
"dateReserved": "2026-03-30T07:50:38.468Z",
"dateUpdated": "2026-03-30T18:39:46.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5136 (GCVE-0-2026-5136)
Vulnerability from cvelistv5 – Published: 2026-07-01 13:28 – Updated: 2026-07-01 19:09
VLAI
Title
Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation
Summary
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:34367 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:34368 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-5136 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2452970 | issue-trackingx_refsource_REDHAT |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 |
Unaffected:
0:3.12.0.17-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 |
Unaffected:
0:3.12.0.17-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 |
|
| Red Hat | Red Hat Satellite 6.18 for RHEL 9 |
Unaffected:
0:3.16.0.17-1.el9sat , < *
(rpm)
cpe:/a:redhat:satellite:6.18::el9 cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
Date Public
2026-07-01 12:28
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T15:01:31.066159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T15:01:39.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.16 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.12.0.17-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.16 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.12.0.17-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9",
"cpe:/a:redhat:satellite_capsule:6.18::el9",
"cpe:/a:redhat:satellite_utils:6.18::el9"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.18 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.16.0.17-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"packageName": "satellite-capsule:el8/foreman",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue."
}
],
"datePublic": "2026-07-01T12:28:21.744Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user\u0027s permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T19:09:26.865Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:34367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34367"
},
{
"name": "RHSA-2026:34368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34368"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-5136"
},
{
"name": "RHBZ#2452970",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452970"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-30T10:41:48.559Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-07-01T12:28:21.744Z",
"value": "Made public."
}
],
"title": "Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-5136",
"datePublished": "2026-07-01T13:28:00.316Z",
"dateReserved": "2026-03-30T10:47:46.043Z",
"dateUpdated": "2026-07-01T19:09:26.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5141 (GCVE-0-2026-5141)
Vulnerability from cvelistv5 – Published: 2026-04-29 14:18 – Updated: 2026-06-06 07:50
VLAI
Title
Improper Access Control in TUBITAK BILGEM's Pardus Software Center
Summary
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.
This issue affects Pardus Software Center: from 1.0.2 before 1.0.3.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Software Center |
Affected:
1.0.2 , < 1.0.3
(custom)
|
Date Public
2026-04-29 14:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T15:05:44.609262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T15:22:47.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Software Center",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "1.0.3",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00c7a\u011fr\u0131 ESER"
}
],
"datePublic": "2026-04-29T14:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.\u003cp\u003eThis issue affects Pardus Software Center: from 1.0.2 before 1.0.3.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.\n\nThis issue affects Pardus Software Center: from 1.0.2 before 1.0.3."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect privilege assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:50:06.915Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in TUBITAK BILGEM\u0027s Pardus Software Center",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5141",
"datePublished": "2026-04-29T14:18:00.642Z",
"dateReserved": "2026-03-30T11:59:12.951Z",
"dateUpdated": "2026-06-06T07:50:06.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5215 (GCVE-0-2026-5215)
Vulnerability from cvelistv5 – Published: 2026-03-31 21:15 – Updated: 2026-04-01 18:46
VLAI
Title
D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control
Summary
A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_get_ipv6 of the file /cgi-bin/network_mgr.cgi. Such manipulation leads to improper access controls. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/354351 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/354351/cti | signaturepermissions-required |
| https://vuldb.com/submit/780440 | third-party-advisory |
| https://github.com/wudipjq/my_vuln/blob/main/D-Li… | exploit |
| https://www.dlink.com/ | product |
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DNS-120 |
Affected:
20260205
|
|
| D-Link | DNR-202L |
Affected:
20260205
|
|
| D-Link | DNS-315L |
Affected:
20260205
|
|
| D-Link | DNS-320 |
Affected:
20260205
|
|
| D-Link | DNS-320L |
Affected:
20260205
|
|
| D-Link | DNS-320LW |
Affected:
20260205
|
|
| D-Link | DNS-321 |
Affected:
20260205
|
|
| D-Link | DNR-322L |
Affected:
20260205
|
|
| D-Link | DNS-323 |
Affected:
20260205
|
|
| D-Link | DNS-325 |
Affected:
20260205
|
|
| D-Link | DNS-326 |
Affected:
20260205
|
|
| D-Link | DNS-327L |
Affected:
20260205
|
|
| D-Link | DNR-326 |
Affected:
20260205
|
|
| D-Link | DNS-340L |
Affected:
20260205
|
|
| D-Link | DNS-343 |
Affected:
20260205
|
|
| D-Link | DNS-345 |
Affected:
20260205
|
|
| D-Link | DNS-726-4 |
Affected:
20260205
|
|
| D-Link | DNS-1100-4 |
Affected:
20260205
|
|
| D-Link | DNS-1200-05 |
Affected:
20260205
|
|
| D-Link | DNS-1550-04 |
Affected:
20260205
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5215",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:46:15.471970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:46:26.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DNS-120",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNR-202L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-315L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-320",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-320L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-320LW",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-321",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNR-322L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-323",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-325",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-326",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-327L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNR-326",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-340L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-343",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-345",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-726-4",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-1100-4",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-1200-05",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-1550-04",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ziyue Xie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_get_ipv6 of the file /cgi-bin/network_mgr.cgi. Such manipulation leads to improper access controls. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T21:15:19.202Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-354351 | D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/354351"
},
{
"name": "VDB-354351 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/354351/cti"
},
{
"name": "Submit #780440 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/780440"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_170/170.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-31T12:35:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5215",
"datePublished": "2026-03-31T21:15:19.202Z",
"dateReserved": "2026-03-31T10:29:41.841Z",
"dateUpdated": "2026-04-01T18:46:26.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5311 (GCVE-0-2026-5311)
Vulnerability from cvelistv5 – Published: 2026-04-01 19:45 – Updated: 2026-04-02 15:27
VLAI
Title
D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control
Summary
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/354640 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/354640/cti | signaturepermissions-required |
| https://vuldb.com/submit/780441 | third-party-advisory |
| https://github.com/wudipjq/my_vuln/blob/main/D-Li… | exploit |
| https://www.dlink.com/ | product |
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DNS-120 |
Affected:
20260205
|
|
| D-Link | DNR-202L |
Affected:
20260205
|
|
| D-Link | DNS-315L |
Affected:
20260205
|
|
| D-Link | DNS-320 |
Affected:
20260205
|
|
| D-Link | DNS-320L |
Affected:
20260205
|
|
| D-Link | DNS-320LW |
Affected:
20260205
|
|
| D-Link | DNS-321 |
Affected:
20260205
|
|
| D-Link | DNR-322L |
Affected:
20260205
|
|
| D-Link | DNS-323 |
Affected:
20260205
|
|
| D-Link | DNS-325 |
Affected:
20260205
|
|
| D-Link | DNS-326 |
Affected:
20260205
|
|
| D-Link | DNS-327L |
Affected:
20260205
|
|
| D-Link | DNR-326 |
Affected:
20260205
|
|
| D-Link | DNS-340L |
Affected:
20260205
|
|
| D-Link | DNS-343 |
Affected:
20260205
|
|
| D-Link | DNS-345 |
Affected:
20260205
|
|
| D-Link | DNS-726-4 |
Affected:
20260205
|
|
| D-Link | DNS-1100-4 |
Affected:
20260205
|
|
| D-Link | DNS-1200-05 |
Affected:
20260205
|
|
| D-Link | DNS-1550-04 |
Affected:
20260205
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5311",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T15:26:11.181157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T15:27:57.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DNS-120",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNR-202L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-315L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-320",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-320L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-320LW",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-321",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNR-322L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-323",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-325",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-326",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-327L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNR-326",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-340L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-343",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-345",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-726-4",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-1100-4",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-1200-05",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-1550-04",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ziyue Xie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:45:14.221Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-354640 | D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/354640"
},
{
"name": "VDB-354640 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/354640/cti"
},
{
"name": "Submit #780441 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/780441"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_171/171.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-01T14:18:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5311",
"datePublished": "2026-04-01T19:45:14.221Z",
"dateReserved": "2026-04-01T12:13:33.464Z",
"dateUpdated": "2026-04-02T15:27:57.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5312 (GCVE-0-2026-5312)
Vulnerability from cvelistv5 – Published: 2026-04-01 20:30 – Updated: 2026-04-02 13:13
VLAI
Title
D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control
Summary
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/354641 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/354641/cti | signaturepermissions-required |
| https://vuldb.com/submit/780442 | third-party-advisory |
| https://vuldb.com/submit/780443 | third-party-advisory |
| https://github.com/wudipjq/my_vuln/blob/main/D-Li… | related |
| https://github.com/wudipjq/my_vuln/blob/main/D-Li… | exploit |
| https://www.dlink.com/ | product |
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DNS-120 |
Affected:
20260205
|
|
| D-Link | DNR-202L |
Affected:
20260205
|
|
| D-Link | DNS-315L |
Affected:
20260205
|
|
| D-Link | DNS-320 |
Affected:
20260205
|
|
| D-Link | DNS-320L |
Affected:
20260205
|
|
| D-Link | DNS-320LW |
Affected:
20260205
|
|
| D-Link | DNS-321 |
Affected:
20260205
|
|
| D-Link | DNR-322L |
Affected:
20260205
|
|
| D-Link | DNS-323 |
Affected:
20260205
|
|
| D-Link | DNS-325 |
Affected:
20260205
|
|
| D-Link | DNS-326 |
Affected:
20260205
|
|
| D-Link | DNS-327L |
Affected:
20260205
|
|
| D-Link | DNR-326 |
Affected:
20260205
|
|
| D-Link | DNS-340L |
Affected:
20260205
|
|
| D-Link | DNS-343 |
Affected:
20260205
|
|
| D-Link | DNS-345 |
Affected:
20260205
|
|
| D-Link | DNS-726-4 |
Affected:
20260205
|
|
| D-Link | DNS-1100-4 |
Affected:
20260205
|
|
| D-Link | DNS-1200-05 |
Affected:
20260205
|
|
| D-Link | DNS-1550-04 |
Affected:
20260205
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T13:12:44.950286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:13:05.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DNS-120",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNR-202L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-315L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-320",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-320L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-320LW",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-321",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNR-322L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-323",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-325",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-326",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-327L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNR-326",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-340L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-343",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-345",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-726-4",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-1100-4",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-1200-05",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
},
{
"product": "DNS-1550-04",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20260205"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ziyue Xie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:30:15.569Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-354641 | D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/354641"
},
{
"name": "VDB-354641 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/354641/cti"
},
{
"name": "Submit #780442 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/780442"
},
{
"name": "Submit #780443 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/780443"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-01T14:18:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5312",
"datePublished": "2026-04-01T20:30:15.569Z",
"dateReserved": "2026-04-01T12:13:37.400Z",
"dateUpdated": "2026-04-02T13:13:05.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5330 (GCVE-0-2026-5330)
Vulnerability from cvelistv5 – Published: 2026-04-02 12:45 – Updated: 2026-04-02 14:19 X_Freeware
VLAI
Title
SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control
Summary
A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controls. The attack may be initiated remotely. The exploit has been made public and could be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/354664 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/354664/cti | signaturepermissions-required |
| https://vuldb.com/submit/780734 | third-party-advisory |
| https://github.com/zy606/Vulnerability-Report/tre… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Best Courier Management System |
Affected:
1.0
|
|
| mayuri_k | Best Courier Management System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5330",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T14:19:28.837594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T14:19:51.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"User Delete Handler"
],
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"modules": [
"User Delete Handler"
],
"product": "Best Courier Management System",
"vendor": "mayuri_k",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zyyyy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controls. The attack may be initiated remotely. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.4,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T12:45:10.637Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-354664 | SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/354664"
},
{
"name": "VDB-354664 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/354664/cti"
},
{
"name": "Submit #780734 | Mayuri K. Gaatitrack Courier Management System 1.0 Broken Access Control",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/780734"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/zy606/Vulnerability-Report/tree/main/Gaatitrack-Unauth-Delete"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-01T15:52:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5330",
"datePublished": "2026-04-02T12:45:10.637Z",
"dateReserved": "2026-04-01T13:47:29.145Z",
"dateUpdated": "2026-04-02T14:19:51.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53814 (GCVE-0-2026-53814)
Vulnerability from cvelistv5 – Published: 2026-06-11 20:08 – Updated: 2026-06-23 16:16 X_Open Source
VLAI
Title
OpenClaw < 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority
Summary
OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes to access or invoke owner-only MCP tools, potentially executing privileged actions like persistent cron state modifications.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/openclaw/openclaw/security/adv… | vendor-advisory |
| https://www.vulncheck.com/advisories/openclaw-pri… | third-party-advisory |
Impacted products
Date Public
2026-05-28 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-13T03:55:39.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"repo": "https://github.com/openclaw/openclaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.5.20",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.5.20",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.5.20",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cantinagen"
},
{
"lang": "en",
"type": "finder",
"value": "Ellahi (@Ellahinator)"
}
],
"datePublic": "2026-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes to access or invoke owner-only MCP tools, potentially executing privileged actions like persistent cron state modifications."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:16:53.281Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-6fvr-66p3-3qj4)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6fvr-66p3-3qj4"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-hook-triggered-cli-mcp-tool-authority"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-53814",
"datePublished": "2026-06-11T20:08:31.474Z",
"dateReserved": "2026-06-10T21:14:38.834Z",
"dateUpdated": "2026-06-23T16:16:53.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53847 (GCVE-0-2026-53847)
Vulnerability from cvelistv5 – Published: 2026-06-16 18:04 – Updated: 2026-06-16 18:45 X_Open Source
VLAI
Title
OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope
Summary
OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/openclaw/openclaw/security/adv… | vendor-advisory |
| https://www.vulncheck.com/advisories/openclaw-pri… | third-party-advisory |
Impacted products
Date Public
2026-05-28 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T18:44:55.341954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T18:45:07.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"repo": "https://github.com/openclaw/openclaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.5.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.5.6",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.5.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zsx (@zsxsoft)"
},
{
"lang": "en",
"type": "coordinator",
"value": "KeenSecurityLab"
},
{
"lang": "en",
"type": "tool",
"value": "qclawer"
}
],
"datePublic": "2026-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T18:04:58.195Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-x629-46cc-7xgw)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.5.6 - Privilege Escalation via Active Memory Write Scope",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-active-memory-write-scope"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.5.6 - Privilege Escalation via Active Memory Write Scope",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-53847",
"datePublished": "2026-06-16T18:04:58.195Z",
"dateReserved": "2026-06-10T21:21:12.125Z",
"dateUpdated": "2026-06-16T18:45:07.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53862 (GCVE-0-2026-53862)
Vulnerability from cvelistv5 – Published: 2026-06-16 18:05 – Updated: 2026-06-16 18:36 X_Open Source
VLAI
Title
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening
Summary
OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/openclaw/openclaw/security/adv… | vendor-advisory |
| https://www.vulncheck.com/advisories/openclaw-boo… | third-party-advisory |
Impacted products
Date Public
2026-05-28 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T18:31:01.331574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T18:36:00.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"repo": "https://github.com/openclaw/openclaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.5.12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.5.12",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.5.12",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Edward-x (@YLChen-007)"
}
],
"datePublic": "2026-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-345",
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T18:05:08.595Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-9v8j-9c9g-w66c)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9v8j-9c9g-w66c"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-bootstrap-token-replay-via-pending-pairing-scope-widening"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-53862",
"datePublished": "2026-06-16T18:05:08.595Z",
"dateReserved": "2026-06-10T21:22:34.480Z",
"dateUpdated": "2026-06-16T18:36:00.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.