CVE.report search for "CVE-2026-1876"
Listed below are 50 relevant search results for "CVE-2026-1876" based on Vendor, Software, and CVE description
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-42799 | Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated w... | ||
| CVE-2026-42432 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exe... |
| CVE-2026-42431 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persi... |
| CVE-2026-42430 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows att... |
| CVE-2026-42429 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism th... |
| CVE-2026-42428 | Openclaw | Openclaw | OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install... |
| CVE-2026-42427 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entri... |
| CVE-2026-42426 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator... |
| CVE-2026-42424 | Openclaw | Openclaw | OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel loc... |
| CVE-2026-42423 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval req... |
| CVE-2026-42422 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens ... |
| CVE-2026-42421 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway... |
| CVE-2026-42420 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing deco... |
| CVE-2026-42249 | Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attack... | ||
| CVE-2026-41916 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes sta... |
| CVE-2026-41915 | Openclaw | Openclaw | OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec o... |
| CVE-2026-41914 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF... |
| CVE-2026-41913 | Openclaw | Openclaw | OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent async... |
| CVE-2026-41912 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger nav... |
| CVE-2026-41911 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file r... |
| CVE-2026-41910 | Openclaw | Openclaw | OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An autho... |
| CVE-2026-41909 | Openclaw | Openclaw | OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows li... |
| CVE-2026-41908 | Openclaw | Openclaw | OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-... |
| CVE-2026-41894 | SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denyli... | ||
| CVE-2026-41882 | In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files ... | ||
| CVE-2026-41679 | Paperclip | Paperclipai | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416... |
| CVE-2026-41426 | Pretalx | Pretalx | pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails... |
| CVE-2026-41408 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits fo... |
| CVE-2026-41407 | Openclaw | Openclaw | OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early l... |
| CVE-2026-41406 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted ... |
| CVE-2026-41405 | Openclaw | Openclaw | OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated a... |
| CVE-2026-41404 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allow... |
| CVE-2026-41403 | Openclaw | Openclaw | OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteV... |
| CVE-2026-41402 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticat... |
| CVE-2026-41400 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket... |
| CVE-2026-41399 | Openclaw | Openclaw | OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget a... |
| CVE-2026-41398 | Openclaw | Openclaw | OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-n... |
| CVE-2026-41397 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through... |
| CVE-2026-41396 | Openclaw | Openclaw | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, comp... |
| CVE-2026-41395 | Openclaw | Openclaw | OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query... |
| CVE-2026-41394 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes recei... |
| CVE-2026-41393 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS... |
| CVE-2026-41392 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via s... |
| CVE-2026-41391 | Openclaw | Openclaw | OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution c... |
| CVE-2026-41390 | Openclaw | Openclaw | OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr... |
| CVE-2026-41389 | Openclaw | Openclaw | OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbit... |
| CVE-2026-41388 | Openclaw | Openclaw | OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settin... |
| CVE-2026-41387 | Openclaw | Openclaw | OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-po... |
| CVE-2026-41386 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended... | ||
| CVE-2026-41385 | OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method ... | ||