8 vulnerabilities classified as CWE-372 (Incomplete Internal State Distinction). AI Chinese analysis included.
CWE-372 describes a logic flaw in which software fails to accurately track its current operational state and therefore acts on wrong assumptions about that state. Attackers typically exploit this weakness by supplying crafted inputs or triggering specific sequences of operations that force the application into an unintended state, for example bypassing an authentication check or executing a privileged command without proper authorization. Because security controls that depend on accurate state verification are undermined, the mis-tracked state lets an attacker circumvent them. To prevent such issues, developers should implement robust state management, ensuring that every state transition is explicitly validated and logged. Modelling the state as a finite state machine with strict transition rules and comprehensive error handling helps preserve state integrity. In addition, code reviews and automated tests that focus on state transition paths can surface inconsistencies before deployment, so the system consistently operates within its expected security boundaries.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41388 | OpenClaw < 2026.3.31 - Configuration Rehydration via Empty-Array Revocation Handling — OpenClaw | 6.5 | Medium | 2026-04-28 |
| CVE-2026-41340 | OpenClaw < 2026.3.31 - Authentication Boundary Bypass via Telegram Legacy allowFrom Migration — OpenClaw | 6.5 | Medium | 2026-04-23 |
| CVE-2026-41300 | OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding — OpenClaw | 6.5 | Medium | 2026-04-20 |
| CVE-2023-4012 | Incomplete Internal State Distinction in ntpsec — ntpsec | 7.5 | High | 2023-08-07 |
| CVE-2023-36834 | Junos OS: SRX 4600 and SRX 5000 Series: The receipt of specific genuine packets by SRXes configured for L2 transparency will cause a DoS — Junos OS | 6.5 | Medium | 2023-07-14 |
| CVE-2023-31127 | DMTF-2023-0001: SPDM mutual authentication bypass — libspdm | 9.1 | Critical | 2023-05-08 |
| CVE-2021-25735 | Validating Admission Webhook does not observe some previous fields — Kubernetes | 6.5 | Medium | 2021-09-06 |
| CVE-2020-27222 | Eclipse Californium security vulnerability — Eclipse Californium | 7.5 | - | 2021-02-03 |
Vulnerabilities classified as CWE-372 (Incomplete Internal State Distinction) account for 8 CVEs. The CWE taxonomy describes the weakness in general; review the individual CVEs for product-specific impact.