CVE.report search for "CVE-2026-43172"
Listed below are 50 relevant search results for "CVE-2026-43172" based on Vendor, Software, and CVE description
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-43574 | OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved app... | ||
| CVE-2026-43573 | OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser inte... | ||
| CVE-2026-43572 | OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke ... | ||
| CVE-2026-43571 | OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve w... | ||
| CVE-2026-43570 | OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path h... | ||
| CVE-2026-43569 | OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enab... | ||
| CVE-2026-43568 | OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to m... | ||
| CVE-2026-43567 | OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses... | ||
| CVE-2026-43566 | OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logi... | ||
| CVE-2026-43535 | OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows mes... | ||
| CVE-2026-43534 | OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as tru... | ||
| CVE-2026-43533 | OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to referenc... | ||
| CVE-2026-43532 | OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processin... | ||
| CVE-2026-43531 | OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to ... | ||
| CVE-2026-43530 | OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox app... | ||
| CVE-2026-43529 | OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function ... | ||
| CVE-2026-43528 | OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unre... | ||
| CVE-2026-43527 | OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-net... | ||
| CVE-2026-43526 | OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows ... | ||
| CVE-2026-43276 | In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix double destroy_workqueue on service resca... | ||
| CVE-2026-43016 | In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_... | ||
| CVE-2026-42994 | Bitwarden | Cli | Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This... |
| CVE-2026-42799 | Asrmicro | Asr1803 | Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated w... |
| CVE-2026-42779 | Apache | Mina | The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: ... |
| CVE-2026-42778 | Apache | Mina | The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The ... |
| CVE-2026-42439 | OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action selec... | ||
| CVE-2026-42438 | OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachmen... | ||
| CVE-2026-42437 | OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket pa... | ||
| CVE-2026-42436 | OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes t... | ||
| CVE-2026-42435 | OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing atta... | ||
| CVE-2026-42434 | OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec... | ||
| CVE-2026-42433 | OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access... | ||
| CVE-2026-42432 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exe... |
| CVE-2026-42431 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persi... |
| CVE-2026-42430 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows att... |
| CVE-2026-42429 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism th... |
| CVE-2026-42428 | Openclaw | Openclaw | OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install... |
| CVE-2026-42427 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entri... |
| CVE-2026-42426 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator... |
| CVE-2026-42424 | Openclaw | Openclaw | OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel loc... |
| CVE-2026-42423 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval req... |
| CVE-2026-42422 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens ... |
| CVE-2026-42421 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway... |
| CVE-2026-42420 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing deco... |
| CVE-2026-42249 | Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attack... | ||
| CVE-2026-42091 | goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler (httpserver/updown.go) lacks the CS... | ||
| CVE-2026-41916 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes sta... |
| CVE-2026-41915 | Openclaw | Openclaw | OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec o... |
| CVE-2026-41914 | Openclaw | Openclaw | OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF... |
| CVE-2026-41913 | Openclaw | Openclaw | OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent async... |