🟠 CVE-2026-5045 - High (8.8)

A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer over...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5045/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-32922 - Critical (9.9)

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current s...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32922/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-32974 - High (8.6)

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forge...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32974/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-32973 - Critical (9.8)

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard mat...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32973/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-32915 - High (8.8)

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32915/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-32914 - High (8.8)

OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or mo...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32914/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-32924 - Critical (9.8)

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass grou...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32924/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
