| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40326 | Masa CMS CSRF in site bundle creation allows unauthorized site data export | MasaCMS | MasaCMS | - | - | 2026-05-06 19:57:04 | Deep Dive |
| CVE-2026-40325 | Masa CMS CSRF in content restoration allows unauthorized restoration of deleted content | MasaCMS | MasaCMS | - | - | 2026-05-06 19:54:30 | Deep Dive |
| CVE-2026-44118 | OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header | OpenClaw | OpenClaw | High | 7.8 | 2026-05-06 19:49:37 | Deep Dive |
| CVE-2026-44117 | OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload | OpenClaw | OpenClaw | Medium | 5.8 | 2026-05-06 19:49:36 | Deep Dive |
| CVE-2026-44116 | OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation | OpenClaw | OpenClaw | High | 8.6 | 2026-05-06 19:49:36 | Deep Dive |
| CVE-2026-44115 | OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist | OpenClaw | OpenClaw | High | 8.8 | 2026-05-06 19:49:35 | Deep Dive |
| CVE-2026-44114 | OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv | OpenClaw | OpenClaw | High | 7.8 | 2026-05-06 19:49:33 | Deep Dive |
| CVE-2026-44113 | OpenClaw < 2026.4.22 - Time-of-Check/Time-of-Use Race Condition in OpenShell FS Bridge | OpenClaw | OpenClaw | Medium | 5.3 | 2026-05-06 19:49:30 | Deep Dive |
| CVE-2026-44112 | OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes | OpenClaw | OpenClaw | Medium | 5.3 | 2026-05-06 19:49:30 | Deep Dive |
| CVE-2026-44111 | OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get | OpenClaw | OpenClaw | Medium | 4.3 | 2026-05-06 19:49:29 | Deep Dive |
| CVE-2026-44109 | OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation | OpenClaw | OpenClaw | Critical | 9.8 | 2026-05-06 19:49:28 | Deep Dive |
| CVE-2026-44110 | OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store | OpenClaw | OpenClaw | High | 8.8 | 2026-05-06 19:49:28 | Deep Dive |
| CVE-2026-43585 | OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution | OpenClaw | OpenClaw | High | 8.1 | 2026-05-06 19:49:27 | Deep Dive |
| CVE-2026-43584 | OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy | OpenClaw | OpenClaw | High | 8.8 | 2026-05-06 19:49:26 | Deep Dive |
| CVE-2026-43583 | OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery | OpenClaw | OpenClaw | Medium | 5.3 | 2026-05-06 19:49:25 | Deep Dive |
| CVE-2026-43582 | OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass | OpenClaw | OpenClaw | Medium | 6.3 | 2026-05-06 19:49:25 | Deep Dive |
| CVE-2026-43581 | OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding | OpenClaw | OpenClaw | Critical | 9.6 | 2026-05-06 19:49:24 | Deep Dive |
| CVE-2026-43579 | OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes | OpenClaw | OpenClaw | Medium | 6.5 | 2026-05-06 19:49:23 | Deep Dive |
| CVE-2026-43580 | OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions | OpenClaw | OpenClaw | High | 7.7 | 2026-05-06 19:49:23 | Deep Dive |
| CVE-2026-43578 | OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade | OpenClaw | OpenClaw | Critical | 9.1 | 2026-05-06 19:49:22 | Deep Dive |