GHSA-hw9r-h9mr-4jffHIGHCVSS 8.8

OpenClaw: Scoped chat.send route inheritance could bypass admin command scope gates

Published Jul 2, 2026·Updated Jul 2, 2026

Description

### Summary Some internal command handlers require `operator.approvals` or `operator.admin` scopes. In affected releases, a scoped Gateway `chat.send` request delivered through an inherited external route could be evaluated as an external-channel command while still carrying the lower Gateway client scopes. This issue affects scoped Gateway clients. It does not apply to shared-secret bearer HTTP compatibility endpoints, which are documented as full operator surfaces under OpenClaw's trust model. ### Affected configurations This affects deployments where a scoped Gateway caller with `operator.write` can use `chat.send` with delivery into a session that has an inherited external delivery route. ### Impact Commands that should have required `operator.approvals` or `operator.admin` could run with only `operator.write` in this routed context. Affected command families included approval resolution and selected administrative commands such as plugin, config, MCP, allowlist, and ACP mutations. ### Patched Versions The first stable patched version is `2026.5.18`. ### Mitigations Upgrade to `openclaw@2026.5.18` or later. Before upgrading, avoid granting `operator.write` tokens to clients that can deliver commands into sessions with external routes unless those clients are trusted with admin-like command effects.

Affected Packages (1)

openclawNPM
Fixed in 2026.5.18

Public Exploits & PoCs100 found

PoC: redtail-ioc

IOCs and a read-only triage checklist from a real Linux root compromise: RedTail miner, XorDDoS persistence, MoneroOcean miner, DirtyFrag LPE (CVE-2026-43284/43500). CC0.

2

PoC: CVE-2025-20720

CVE-2025-20720 — PolyShell: Magento 2 Unauthenticated Arbitrary File Upload RCE | GIF89a polyglot bypass | guest-cart REST API | 79.5% stores targeted

1

PoC: oppo-ghostlock

OPPO Find N2 GhostLock (CVE-2026-43499) exploit adaptation

1

PoC: yellowkey-bitlocker

yellow key bitlocker yellow screen bitlocker bitlocker recovery key CVE-2026-45585 microsoft account secure boot bypass command prompt windows 11 windows 10 surface pro uefi firmware encryption key data recovery troubleshoot boot loop cmd unlock drive setup guide tutorial

1

PoC: CVE-2026-53571

CVE-2026-53571 `server.fs.deny` bypass on Windows alternate paths PoC.

1

PoC: CVE-2026-54520

CVE-2026-54520 / GHSA-cm8g-8jfq-887p: ai-agent-automation workflow path traversal advisory landing page

1

PoC: CVE-2026-54519

CVE-2026-54519 / GHSA-qv97-83w4-ff86: ai-agent-automation memory authorization advisory landing page

1

PoC: CVE-2026-50181

CVE-2026-50181 / GHSA-fg23-3346-88f5: Langroid path traversal advisory landing page

1

PoC: CVE-2026-50131

CVE-2026-50131 / GHSA-xw9q-2mv6-9fr8: Fedify incomplete SSRF mitigation advisory landing page

1

PoC: CVE-2026-53359-Kernel-Fix

Linux 内核升级指南 - 修复 CVE-2026-53359

1

PoC: Apache-CVE-2021-41773

WHS 4기 이희수. kr-vulhub 과제 제출물

PoC: CVE-2026-23744

CVE-2026-23744 MCPJam Inspector unauthenticated RCE PoC

PoC: CVE-2026-38526-PoC-htb-nexus

A PoC script for CVE-2026-38526, RCE via a file upload vulnerability in the /admin/tinymce/upload endpoint of webkul krayin 2.2.x

PoC: CVE-2026-15282

Instant Appointment <= 1.2 — Unauthenticated Arbitrary File Upload to RCE via add_service_front AJAX | CVSS 9.8

PoC: CVE-2026-59734-POC

OS Command Injection in Health Check → Remote Code Execution

PoC: CVE-2026-46331

CVE-2026-46331 act_pedit page-cache corruption exploit, with Alpine PIE fix

PoC: CVE-2024-13985

Dahua CVE-2024-13985

PoC: CVE-2026-29114

Dahua CVE-2026-29114

PoC: CVE-2026-29115

Dahua CVE-2026-29115

PoC: CVE-2026-29116

Dahua CVE-2026-29116

PoC: cybermeowfia-termux

Termux Privilege Escalation Tool & Root Manager - CVE-2026-43501

PoC: CVE-2026-46242

CVE-2026-46242

PoC: lenovo-a1000g-mt8317-A412_01_09_130907-kernel-3.4.0-root-cve-2016-5195

[AI-assisted] Root method for Lenovo IdeaTab A1000G (MT8317, kernel 3.4.0, Android 4.1) via CVE-2016-5195 (Dirty COW)

PoC: CVE-2026-40887

An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression without parameterization or validation, allowing an attacker to execute arbitrary SQL against the database.

PoC: IOHIDFamily-PoC-Research

CVE-2026-28992 IOHIDFamily FastPathUserClient race condition PoC — security research

PoC: CVE-2021-28235

CVE-2021-28235 PoC

PoC: CVE-2025-60787

CVE-2025-60787 motionEye authenticated command injection RCE PoC

PoC: Cups-RCE-Exploit

C++ exploit for unauthenticated remote code execution on CUPS via CVE-2024-47176 chain.

PoC: Abyssal

Abyssal is a high-performance Telnet vulnerability scanner for CVE-2026-24061, delivering root shells on vulnerable systems with false-positive detection.

PoC: cve-2026-9558-poc

Exploitability PoC for CVE-2026-9558 (SSTI Mautic Theme)

PoC: CVE-2026-54390

CVE-2026-54390 — JTL Shop Smarty SSTI RCE | Pre-Auth Template Injection via fetch('string:' . ) | 5.2.0-5.7.1

PoC: CVE-2022-26134

Exploit for CVE-2022-26134

PoC: CVE-2026-40860

Reproducer for CVE-2026-40860 — Apache Camel camel-jms/sjms/amqp JMS ObjectMessage unsafe deserialization (RCE)

PoC: openclaw-hardening-check

Offline, read-only hardening check for a self-hosted OpenClaw install — gateway exposure, auth, CVE-2026-25253. Never prints secrets, makes no network calls.

PoC: CVE-2026-40859

Reproducer for CVE-2026-40859 — Apache Camel camel-netty-http / camel-vertx-http producer-side unsafe deserialization of HTTP response bodies (RCE)

PoC: CVE-2024-51482

CVE-2025-51482 POC, Dump Credentials From zm.Users

PoC: CVE-2026-40858

Reproducer for CVE-2026-40858 — Apache Camel camel-infinispan remote aggregation repository unsafe deserialization (RCE)

PoC: CVE-2026-50980

oPnael DNS-Based Cross-Site Scripting (XSS) & Session Hijacking

PoC: CVE-2026-50979

oPanel Authanticated Remote Code Execution via 'advenced/curl' Component

PoC: reactorwatch-pentest

☢️ ReactorWatch v3.2.1 — Nuclear Reactor Core Monitoring System Pentest | CVE-2025-55182 (React2Shell) Unauthenticated RCE → SQLite Exfil → MD5 Crack → SSH Pivot → CDP Root Escalation | CVSS 10.0 | AMN SECURITY

PoC: CVE-2026-46331

A Proof of Concept (PoC) exploit for CVE-2026-46331

PoC: CVE-2026-56423-MISP-deleteSelection-BrokenAccessControl

PoC for CVE-2026-56423: MISP deleteSelection broken access control (CWE-862, contributor hard-deletes other orgs' Event Reports/Sharing Groups, CVSS 8.8)

PoC: ghostlink-writeup

Ghostlink HTB — Full Chain AD + Gogs Exploitation | MQTT → NTLM Relay → Path Traversal → CVE-2025-8110 → ADCS ESC11 → DCSync | AMN SECURITY

PoC: cve-2025-22457

Altay takımı haftalık sunumu için yaptığım cve-2025-22457 zafiyeti demo uygulaması

PoC: CVE-2026-41089-LongLogon

CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.

PoC: CVE-2026-29519-Lucee-Reflected-XSS

Proof of Concept for Reflected XSS in Lucee CFML (CVE-2026-29519)

PoC: CVE-2026-49230-APISIX-jwe-decrypt-Auth-Bypass

PoC for CVE-2026-49230: Apache APISIX jwe-decrypt authentication bypass (missing AES-GCM tag validation, CWE-354, CVSS 9.1)

PoC: CVE-2026-48908-joomla-sp-page-builder-detection

Laboratory validation of CVE-2026-48908 in Joomla SP Page Builder, covering unauthorized icon upload, PHP file write, code execution as www-data, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.

PoC: CVE-2026-61343-poc-librebooking-rce

Librebooking Admin RCE PoC CVE-2026-61343

PoC: CVE-2025-43782

OpenSSL TLS handshake buffer overflow

PoC: LVM-Januscape

CVE-2026-53359漏洞补丁

PoC: CVE-2026-57517-CWP

Control Web Panel (CWP) vulnerability scenario related to CVE-2026-57517

PoC: react2shell

PoC for CVE-2025-55182 React2Shell

PoC: CVE-2026-56876-POC

Offical PoC for this cve

PoC: CVE-2017-15715-httpd

whs 4기 컨테이너 과제

PoC: CVE-2026-8037-POC

包括能执行的命令探测和一键getshell(需要服务器部署服务)

PoC: WHS4_CVE-2021-4034

Whitehat School 4기 CVE-2021-4034 분석 및 POC 작성

PoC: CVE-2026-40473

Reproducer for CVE-2026-40473: Apache Camel camel-mina MinaConverter.toObjectInput unsafe deserialization (RCE over TCP/UDP)

PoC: -linx-server-vulnerability-report

Public disclosure for CVE-2026-52100 (CSRF) & CVE-2026-52101 (SSRF) in linx-server. MITRE assigned the CVEs; this repo provides a public reference and helps affected users understand the risk.

PoC: CVE-2026-4257

CVE-2026-4257 - Contact Form by Supsystic <= 1.7.36 # SSTI to RCE

PoC: CentOS7_CVE-2021-3712_Remediation

Production Ready Steps for Remediating a openssl CVE(https://nvd.nist.gov/vuln/detail/cve-2021-3712) on EOL CentOS7 box

PoC: H2-database-CVE-2022-23221

vulhub/H2-database/CVE-2022-23221

PoC: Ubiquiti-CVE

CVE-2026-50746... - Draft

PoC: CVE-2026-43499

CVE-2026-43499

PoC: TwoMillion-HTB-Write-up

Write-up completo de la máquina TwoMillion de Hack The Box. Enumeración web, explotación de API, escalada a admin, inyección de comandos (RCE), reverse shell y escalada a root mediante CVE-2023-0386 (OverlayFS + FUSE). Técnicas de pentesting aplicadas en un entorno controlado.

PoC: CVE-2026-40453

Reproducer for CVE-2026-40453: Apache Camel case-variant Camel header injection (incomplete fix of CVE-2025-27636)

PoC: CVE-2026-44825-Apache-Solr-Scanner

Apache Solr instances that may be affected by CVE-2026-44825, related to Velocity Template Remote Code Execution (RCE) conditions.

PoC: CVE-2026-40048

Reproducer for CVE-2026-40048: Apache Camel camel-pqc FileBasedKeyLifecycleManager unsafe deserialization (RCE)

PoC: CVE-2026-38526

Automated exploit for Krayin CRM ≤ 2.2.x.

PoC: CVE-2021-40346

WHS CVE-2021-40346 분석

PoC: CVE-2026-27495

Proof-of-concept exploit and lab environment for CVE-2026-27495

PoC: CVE-2026-35204

CVE-2026-35204 PoC

PoC: tetragon-dirtyfrag

Blocking the DirtyFrag Linux LPE chain (CVE-2026-43284 / CVE-2026-43500) at runtime with a Cilium Tetragon TracingPolicy | kills the exploit at the kernel-module autoload step. Tested on RHEL 9.8 (kernel 5.14) and Ubuntu 24.04 (kernel 6.8). Policy, lab notes, and evidence.

PoC: CVE-2026-35204

CVE-2026-35204 PoC

PoC: CVE-2026-34197

Poc for CVE-2026-34197

PoC: CVE-2026-40047

Reproducer for CVE-2026-40047: Apache Camel camel-docling CLI argument injection / path traversal

PoC: cve-2026-25262-sm8450-research

CVE-2026-25262 applicability to Snapdragon 8 Gen 1 — experimental results

PoC: mcp-doorman

A lightweight mcp to prevent poisoning CVE (CVE-2025-54136), researchers hijacking Claude Code/Copilot/Gemini via prompt injection, and hundreds of MCP servers exposed with zero auth, this mcp protects the individual developer's laptop, where most MCP servers actually run.

PoC: CVE-2025-55182

Exploit for CVE-2025-55182

PoC: CVE-2021-21974

自研针对ESXI 堆栈溢出的CVE-2021-21974 POC,只支持项目给出的的目标和环境,用于学习和研究

PoC: CVE-2026-43499

CVE-2026-43499 - Draft

PoC: CVE-2026-56290

CVE-2026-56290 - Mass Exploit for Joomla Com_pagebuilderck component (Unrestricted File Upload → RCE). Multi-threaded, automatic CSRF bypass, PHP shell uploader.

PoC: ScannerBadEpoll

Verificador de Vulnerabilidad: Bad Epoll (CVE-2026-46242)

PoC: CVE-2026-0257-GlobalProtect-Bypass

CVE-2026-0257 - Palo Alto PAN-OS GlobalProtect Auth Override Cookie Forgery - PoC & Analysis | CVSS 9.1 CRITICAL CISA KEV | AMN SECURITY

PoC: CVE-2026-49777-WooCommerce-RCE

CVE-2026-49777 - WooCommerce Product Slider Pro Malicious Software Implantation RCE - PoC & Analysis | CVSS 10.0 CRITICAL | AMN SECURITY

PoC: CVE-2026-8206-Kirki-WP

CVE-2026-8206 - Kirki WordPress Plugin Unauthenticated Account Takeover - PoC & Analysis | CVSS 9.8 CRITICAL | AMN SECURITY

PoC: CVE-2026-42271-LiteLLM-RCE

CVE-2026-42271 - LiteLLM AI Gateway MCP Command Injection RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY

PoC: CVE-2026-45659-SharePoint-RCE

CVE-2026-45659 - Microsoft SharePoint Deserialization RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY

PoC: CVE-2026-8451-CitrixBleed

CVE-2026-8451 - Citrix NetScaler SAML Memory Overread (CitrixBleed) - PoC & Analysis | CVSS 8.8 | AMN SECURITY

PoC: cve-2026-48282-coldfusion-rds-detection

Laboratory validation of CVE-2026-48282 in Adobe ColdFusion RDS, covering arbitrary CFM file write, code execution as the ColdFusion service user, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.

PoC: cve-2026-20896-gitea-poc

CVE-2026-20896 Gitea Docker X-WEBAUTH-USER auth bypass checker

PoC: CVE-2026-12277

Frontend File Manager Plugin (WordPress) <= 23.6 - Unauthenticated Arbitrary File Deletion to RCE

PoC: CVE-2019-9978-Social-Warfare-WordPress-RCE

A complete walkthrough and exploit for CVE-2019-9978 - Unauthenticated Remote Code Execution in Social Warfare WordPress plugin ≤ 3.5.2. Includes vulnerable code analysis and payload examples.

PoC: CVE-2026-36214

Stored Cross-Site Scripting (XSS) in osTicket via Vulnerable Bootstrap Tooltip Component

PoC: VTIGER-CRM-RCE-CVE-2026-23698

Vtiger CRM 8.3.0, 8.4.0 Module Import Authenticated RCE PoC

PoC: VTIGER-CRM-RCE-CVE-2026-23697

Vtiger CRM 8.3.0 Authenticated RCE via .phar Upload

PoC: Whisper_Bully

Two-stage Bluetooth DoS attack on Fast Pair devices via CVE-2025-36911

PoC: CVE-2022-46364

Python POC, Exploit for CVE-2022-46364

PoC: RedTeamBrasil-CVE-2025-64459

NEO-SQLi — exploit Django _connector SQL Injection (CVE-2025-64459) | canal RedTeam Brasil

PoC: dasel-cve-exercise

Melange packaging and apko image for Dasel v3.3.1 with a backported fix for CVE-2026-33320.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free