CVE.report search for "CVE-2026-50086"
Listed below are 50 relevant search results for "CVE-2026-50086" based on Vendor, Software, and CVE description
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-53839 | OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname ... | ||
| CVE-2026-53838 | OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to co... | ||
| CVE-2026-53837 | OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validat... | ||
| CVE-2026-53836 | OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attac... | ||
| CVE-2026-53835 | OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allo... | ||
| CVE-2026-53834 | OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows aut... | ||
| CVE-2026-53833 | OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authentic... | ||
| CVE-2026-53832 | OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trus... | ||
| CVE-2026-53831 | OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows... | ||
| CVE-2026-53830 | OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo ... | ||
| CVE-2026-53829 | OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command ... | ||
| CVE-2026-53828 | OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated ... | ||
| CVE-2026-53827 | OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controll... | ||
| CVE-2026-53826 | OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the rea... | ||
| CVE-2026-53825 | OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenti... | ||
| CVE-2026-53824 | OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue ex... | ||
| CVE-2026-53823 | OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack d... | ||
| CVE-2026-53822 | OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval a... | ||
| CVE-2026-53821 | OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trus... | ||
| CVE-2026-53820 | OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that a... | ||
| CVE-2026-53819 | Openclaw | Openclaw | OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env file... |
| CVE-2026-53818 | Openclaw | Openclaw | OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner ca... |
| CVE-2026-53817 | Openclaw | Openclaw | OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with netwo... |
| CVE-2026-53816 | Openclaw | Openclaw | OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows pai... |
| CVE-2026-53815 | Openclaw | Openclaw | OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist... |
| CVE-2026-53814 | Openclaw | Openclaw | OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive o... |
| CVE-2026-53813 | Openclaw | Openclaw | OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influ... |
| CVE-2026-53812 | Openclaw | Openclaw | OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated u... |
| CVE-2026-53811 | Openclaw | Openclaw | OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authentica... |
| CVE-2026-53810 | OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect l... | ||
| CVE-2026-53809 | Openclaw | Openclaw | OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provide... |
| CVE-2026-53808 | Openclaw | Openclaw | OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent ... |
| CVE-2026-53807 | Openclaw | Openclaw | OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authent... |
| CVE-2026-53806 | Openclaw | Openclaw | OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec... |
| CVE-2026-50632 | Apache | Cxf | A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CX... |
| CVE-2026-50265 | Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 | ||
| CVE-2026-50127 | Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not ... | ||
| CVE-2026-50085 | The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveM... | ||
| CVE-2026-50084 | The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any ... | ||
| CVE-2026-50083 | The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798:... | ||
| CVE-2026-50082 | The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker... | ||
| CVE-2026-49448 | Goauthentik | Authentik | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be b... |
| CVE-2026-49443 | Goauthentik | Authentik | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the abil... |
| CVE-2026-49433 | The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attac... | ||
| CVE-2026-49386 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Pl... |
| CVE-2026-49385 | Jetbrains | Youtrack | In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts |
| CVE-2026-49383 | Jetbrains | Intellij Idea | In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible |
| CVE-2026-49382 | Jetbrains | Intellij Idea | In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin |
| CVE-2026-49381 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible |
| CVE-2026-49380 | Jetbrains | Teamcity | In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible |