{"vulnerability": "cve-2026-4500", "sightings": [{"uuid": "8b0a464a-3dce-4764-b0a1-2d0f232e81f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4500", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4500", "content": "", "creation_timestamp": "2026-03-20T19:16:50.000000Z"}, {"uuid": "54706854-bd19-4682-be08-cb155b997ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45004", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mllvdh5omh2t", "content": "\ud83d\udfe0 CVE-2026-45004 - High (7.8)\n\nOpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugi...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45004/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T18:22:05.672282Z"}, {"uuid": "9fe749c2-45d1-49c5-861a-cc4068f8cc2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45004", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mllvdh5omh2t", "content": "\ud83d\udfe0 CVE-2026-45004 - High (7.8)\n\nOpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugi...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45004/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T18:22:05.657809Z"}, {"uuid": "17eaac55-fd77-47f5-8f21-513abead9b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45006", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mllvdoj2cq2q", "content": "\ud83d\udfe0 CVE-2026-45006 - High (8.8)\n\nOpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45006/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T18:22:13.650353Z"}, {"uuid": "45f83ae3-bca7-455b-8a16-300decb55ac9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45006", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mllvdoj2cq2q", "content": "\ud83d\udfe0 CVE-2026-45006 - High (8.8)\n\nOpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45006/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T18:22:13.666901Z"}, {"uuid": "a0119b06-7cd3-4f57-b9bd-4be5345c5175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45001", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllwtodafh2e", "content": "CVE-2026-45001 - OpenClaw\nCVE ID : CVE-2026-45001\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect ...", "creation_timestamp": "2026-05-11T18:49:06.629702Z"}, {"uuid": "a79be7ba-597b-46c2-925e-4f0a221654d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45002", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllx7csja72h", "content": "CVE-2026-45002 - OpenClaw\nCVE ID : CVE-2026-45002\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in res...", "creation_timestamp": "2026-05-11T18:55:33.939511Z"}, {"uuid": "ab704992-c149-4b15-82ce-809f332c3679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45000", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllxipqunm2i", "content": "CVE-2026-45000 - OpenClaw\nCVE ID : CVE-2026-45000\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. ...", "creation_timestamp": "2026-05-11T19:00:49.354245Z"}, {"uuid": "d690cbb1-ea84-482e-8dfd-4d8d32d89416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45000", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllxipqunm2i", "content": "CVE-2026-45000 - OpenClaw\nCVE ID : CVE-2026-45000\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. ...", "creation_timestamp": "2026-05-11T19:00:49.356680Z"}, {"uuid": "cc6ae80c-a8fd-4f4c-b60e-ad853f62edde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45003", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllxo3pxue2r", "content": "CVE-2026-45003 - OpenClaw\nCVE ID : CVE-2026-45003\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attacke...", "creation_timestamp": "2026-05-11T19:03:49.837918Z"}, {"uuid": "51b39a9d-689b-4668-983d-7c39d4d66e69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45003", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllxo3pxue2r", "content": "CVE-2026-45003 - OpenClaw\nCVE ID : CVE-2026-45003\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attacke...", "creation_timestamp": "2026-05-11T19:03:49.840360Z"}, {"uuid": "0b8c4dfb-6554-4731-bb77-e503b4e23f1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45004", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlly2rocca2q", "content": "CVE-2026-45004 - OpenClaw\nCVE ID : CVE-2026-45004\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd...", "creation_timestamp": "2026-05-11T19:10:55.478894Z"}, {"uuid": "2032bbd4-416c-4c8e-bf90-4a8c006c204a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45004", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlly2rocca2q", "content": "CVE-2026-45004 - OpenClaw\nCVE ID : CVE-2026-45004\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd...", "creation_timestamp": "2026-05-11T19:10:55.482630Z"}, {"uuid": "ce2ff165-999b-44f8-8ce1-d986568d2623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45005", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllychagb52q", "content": "CVE-2026-45005 - OpenClaw\nCVE ID : CVE-2026-45005\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and relo...", "creation_timestamp": "2026-05-11T19:15:12.996272Z"}, {"uuid": "a4234504-d7a7-44d5-afe3-12ff379a2382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45005", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllychagb52q", "content": "CVE-2026-45005 - OpenClaw\nCVE ID : CVE-2026-45005\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and relo...", "creation_timestamp": "2026-05-11T19:15:12.997686Z"}, {"uuid": "759db6b6-75db-4855-81b5-abf940b6234e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45006", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllylfpivv2k", "content": "CVE-2026-45006 - OpenClaw\nCVE ID : CVE-2026-45006\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows com...", "creation_timestamp": "2026-05-11T19:20:13.305256Z"}, {"uuid": "358101b1-61b4-4cba-a461-5a7f4f882118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45006", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllylfpivv2k", "content": "CVE-2026-45006 - OpenClaw\nCVE ID : CVE-2026-45006\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows com...", "creation_timestamp": "2026-05-11T19:20:13.302513Z"}, {"uuid": "987a7daf-90fa-4d60-b0ee-25b3da273c0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45007", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-rm98-82fr-mcfx", "content": "", "creation_timestamp": "2026-05-06T20:24:39.000000Z"}, {"uuid": "2873439b-198f-4511-b441-9e4bac254403", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45009", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-jrc5-w569-h7h5", "content": "", "creation_timestamp": "2026-05-06T20:37:42.000000Z"}, {"uuid": "8007f818-2b6a-40d0-ad0d-50dcb154406d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45008", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-gh9p-q46p-57g2", "content": "", "creation_timestamp": "2026-05-06T20:47:54.000000Z"}]}