mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
chore: CVE advisories - 1 new, 0 updated
Automated update from NVD CVE feed. Keywords: OpenClaw clawdbot Moltbot Poll window: 2026-02-05T12:53:37Z to 2026-02-07T06:10:40.000Z
This commit is contained in:
davida-ps
committed by
github-actions[bot]
github-actions[bot]
parent
87f80aae94
commit
5ded815e6a
+16
-1
@@ -1,8 +1,23 @@
|
||||
{
|
||||
"version": "0.0.2",
|
||||
"updated": "2026-02-05T12:53:37Z",
|
||||
"updated": "2026-02-07T06:10:59Z",
|
||||
"description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.",
|
||||
"advisories": [
|
||||
{
|
||||
"id": "CVE-2026-25593",
|
||||
"severity": "high",
|
||||
"type": "vulnerable_skill",
|
||||
"title": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use t...",
|
||||
"description": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability is fixed in 2026.1.20.",
|
||||
"affected": [],
|
||||
"action": "Review and update affected components. See NVD for remediation details.",
|
||||
"published": "2026-02-06T21:16:17.790",
|
||||
"references": [
|
||||
"https://github.com/openclaw/openclaw/security/advisories/GHSA-g55j-c2v4-pjcg"
|
||||
],
|
||||
"cvss_score": 8.4,
|
||||
"nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25593"
|
||||
},
|
||||
{
|
||||
"id": "CVE-2026-25475",
|
||||
"severity": "medium",
|
||||
|
||||
@@ -1,8 +1,23 @@
|
||||
{
|
||||
"version": "0.0.2",
|
||||
"updated": "2026-02-05T12:53:37Z",
|
||||
"updated": "2026-02-07T06:10:59Z",
|
||||
"description": "Community-driven security advisory feed for ClawSec. Automatically updated with OpenClaw-related CVEs from NVD and community-reported security incidents.",
|
||||
"advisories": [
|
||||
{
|
||||
"id": "CVE-2026-25593",
|
||||
"severity": "high",
|
||||
"type": "vulnerable_skill",
|
||||
"title": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use t...",
|
||||
"description": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability is fixed in 2026.1.20.",
|
||||
"affected": [],
|
||||
"action": "Review and update affected components. See NVD for remediation details.",
|
||||
"published": "2026-02-06T21:16:17.790",
|
||||
"references": [
|
||||
"https://github.com/openclaw/openclaw/security/advisories/GHSA-g55j-c2v4-pjcg"
|
||||
],
|
||||
"cvss_score": 8.4,
|
||||
"nvd_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25593"
|
||||
},
|
||||
{
|
||||
"id": "CVE-2026-25475",
|
||||
"severity": "medium",
|
||||
|
||||
Reference in New Issue
Block a user