CVE-2026-28481— OpenClaw 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2026-28481の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
OpenClaw < 2026.2.1 - Bearer Token Leakage via MS Teams Attachment Downloader Suffix Matching
ソース: NVD (National Vulnerability Database)
脆弱性説明
OpenClaw versions 2026.1.30 and earlier, contain an information disclosure vulnerability, patched in 2026.2.1, in the MS Teams attachment downloader (optional extension must be enabled) that leaks bearer tokens to allowlisted suffix domains. When retrying downloads after receiving 401 or 403 responses, the application sends Authorization bearer tokens to untrusted hosts matching the permissive suffix-based allowlist, enabling token theft.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
通过发送数据的信息暴露
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
OpenClaw 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
OpenClaw是openclaw开源的一个智能人工助理。 OpenClaw 2026.2.1之前版本存在安全漏洞,该漏洞源于MS Teams附件下载器在收到401或403响应后重试下载时,会将授权承载令牌发送到与宽松的基于后缀的允许列表匹配的不受信任主机,可能导致令牌窃取。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2026-28481の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2026-28481のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-03-05 · 46 CVEs total
| CVE-2026-28466 | 9.9 CRITICAL | OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass |
| CVE-2026-28391 | 9.8 CRITICAL | OpenClaw < 2026.2.2 - Command Injection via cmd.exe Parsing Bypass in Allowlist Enforcemen |
| CVE-2026-28470 | 9.8 CRITICAL | OpenClaw < 2026.2.2 - Exec Allowlist Bypass via Command Substitution in Double Quotes |
| CVE-2026-28474 | 9.8 CRITICAL | OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing |
| CVE-2026-28446 | 9.4 CRITICAL | OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Ca |
| CVE-2026-29610 | 8.8 HIGH | OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling |
| CVE-2026-28485 | 8.4 HIGH | OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints |
| CVE-2026-28463 | 8.4 HIGH | OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Safe Bins Allowlist |
| CVE-2026-28476 | 8.3 HIGH | OpenClaw < 2026.2.14 - Server-Side Request Forgery in Tlon Extension Authentication |
| CVE-2026-28451 | 8.3 HIGH | OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching |
| CVE-2026-28472 | 8.1 HIGH | OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake |
| CVE-2026-28447 | 8.1 HIGH | OpenClaw 2026.1.29-beta.1 < 2026.2.1 - Path Traversal in Plugin Installation via Package N |
| CVE-2026-28458 | 8.1 HIGH | OpenClaw 2026.1.20 < 2026.2.1 - Missing Authentication in Browser Relay /cdp WebSocket End |
| CVE-2026-28473 | 8.1 HIGH | OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command |
| CVE-2026-28468 | 7.7 HIGH | OpenClaw 2026.1.29-beta.1 < 2026.2.14 - Authentication Bypass in Sandbox Browser Bridge Se |
| CVE-2026-28393 | 7.7 HIGH | OpenClaw 2.0.0-beta3 < 2026.2.14 - Arbitrary JavaScript Module Loading via Hook Transform |
| CVE-2026-28392 | 7.5 HIGH | OpenClaw < 2026.2.14 - Privilege Escalation in Slack Slash Command Handler via Direct Mess |
| CVE-2026-28462 | 7.5 HIGH | OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths |
| CVE-2026-28479 | 7.5 HIGH | OpenClaw < 2026.2.15 - Cache Poisoning via Deprecated SHA-1 Hash in Sandbox Configuration |
| CVE-2026-29611 | 7.5 HIGH | OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media H |
Showing 20 of 46 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
同じベンダー: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
同じ弱点: CWE-201
- CVE-2025-31978
HCL BigFix Service Management (SM) does not adequately sanit - CVE-2026-42379
WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposu - CVE-2026-5512
Improper authorization vulnerability in GitHub Enterprise Se - CVE-2026-40161
Tekton Pipelines: Git resolver API mode leaks system-configu - CVE-2026-4525
Vault Token Leaked to Backends via Authorization: Bearer Pas
V. CVE-2026-28481へのコメント
まだコメントはありません