Known Vulnerabilities for Canvas by Automattic
Listed below are 1 of the newest known vulnerabilities associated with "Canvas" by "Automattic".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40933 json | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serial... | Not Provided | 2026-04-21 | 2026-04-22 |
| CVE-2026-35656 json | OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trust... | Not Provided | 2026-04-10 | 2026-04-10 |
| CVE-2026-35643 json | OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbi... | Not Provided | 2026-04-10 | 2026-04-10 |
| CVE-2026-35634 json | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest(... | Not Provided | 2026-04-09 | 2026-04-10 |
| CVE-2026-3690 json | OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on a... | Not Provided | 2026-04-11 | 2026-04-11 |
| CVE-2026-3689 json | OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose s... | Not Provided | 2026-04-11 | 2026-04-11 |
| CVE-2026-3216 json | Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affect... | Not Provided | 2026-03-25 | 2026-03-27 |
| CVE-2025-49709 json | Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4. | Not Provided | 2025-06-11 | 2026-04-13 |
| CVE-2025-49290 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canva... | Not Provided | 2025-06-27 | 2026-04-01 |
| CVE-2025-31816 json | Missing Authorization vulnerability in pietro Mobile App Canvas mobile-app allows Exploiting Incorrectly Configured Access Co... | Not Provided | 2025-04-01 | 2026-04-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Automattic | Canvas | 2.6.1 | |||
| Application | Automattic | Canvas | 2.6.0 | |||
| Application | Automattic | Canvas | 2.5.0 | |||
| Application | Automattic | Canvas | 2.4.1 | |||
| Application | Automattic | Canvas | 2.4.0 | |||
| Application | Automattic | Canvas | 2.3.1 | |||
| Application | Automattic | Canvas | 2.3.0 | |||
| Application | Automattic | Canvas | 2.2.0 | |||
| Application | Automattic | Canvas | 2.1.0 | |||
| Application | Automattic | Canvas | 2.0.1 | |||
| Application | Automattic | Canvas | 2.0.0 | |||
| Application | Automattic | Canvas | 2.0.0 | |||
| Application | Automattic | Canvas | 2.0.0 | |||
| Application | Automattic | Canvas | 2.0.0 | |||
| Application | Automattic | Canvas | 2.0.0 | |||
| Application | Automattic | Canvas | 2.0.0 | |||
| Application | Automattic | Canvas | 2.0.0 | |||
| Application | Automattic | Canvas | 2.0.0 | |||
| Application | Automattic | Canvas | 2.0.0 | |||
| Application | Automattic | Canvas | 2.0.0 |