Labs
Short research notes on newly disclosed vulnerabilities: the problem, the payload, and the fix.
- high
CVE-2026-53831: openclaw system.run Safe-Bin Allowlist Bypass via Shell Expansion
OpenClaw's safe-bin allowlist for system.run checked command arguments before the shell expanded them, so a glob or environment variable that looked harmless at check time could silently become a file
- highCVE-2026-53815
CVE-2026-53815: openclaw Message Read Action Channel Allowlist Bypass
A flaw in OpenClaw's message read action lets a lower-trust caller fetch messages from channels they are not supposed to access, bypassing the operator-configured channel allowlist.
- high
CVE-2026-53829: openclaw Exec Approval Display Truncation
Authenticated users could submit an exec command long enough that the approval UI showed only a harmless-looking prefix, hiding a malicious suffix that would still run after the approver clicked appro
- criticalCVE-2026-50027
CVE-2026-50027: mcp-memory-service Missing Authentication on Document API Endpoints
All seven file/document endpoints in mcp-memory-service accepted requests without any credentials, letting anyone on the network read, write, or delete stored AI memories even when API-key or OAuth au
- highCVE-2026-50163
CVE-2026-50163: oras-go Hardlink Path Traversal via CWD Resolution
A crafted OCI artifact with a tar hardlink entry pointing to a relative path can trick oras-go into linking files outside the extraction directory, exposing arbitrary files in the caller's working dir
- highCVE-2026-53712
CVE-2026-53712: scram-client SCRAM Channel-Binding Silent Authentication Downgrade
A flaw in the OnGres SCRAM Java library lets a TLS man-in-the-middle silently strip channel binding from a SCRAM-SHA-256-PLUS login, defeating the only protection that channelBinding=require is suppos
- highCVE-2026-50138
CVE-2026-50138: goshs WebDAV Mode-Flag Access Control Bypass
When goshs is started with WebDAV enabled, the --read-only, --upload-only, and --no-delete restriction flags are silently ignored on the WebDAV port, letting any authenticated client write, delete, or
- highCVE-2026-50151
CVE-2026-50151: oras-go Credential Leak via Unvalidated Location Header in Blob Upload
A malicious OCI registry can redirect oras-go's blob upload to an attacker-controlled server and steal the caller's registry credentials by returning a cross-host Location header.
- highCVE-2026-49998
CVE-2026-49998: Centrifugo Cross-Issuer JWT Authentication Bypass via JWKS Kid Cache Collision
In Centrifugo's multi-tenant dynamic JWKS setup, a valid token for one tenant can silently authenticate as a completely different tenant because the key cache is keyed only by kid, not by which JWKS e
- highCVE-2026-41053
CVE-2026-41053: Rancher GitHub App Auth Over-Inclusive Team Membership Expansion
A logic bug in Rancher's GitHub App authentication provider gives any org member the group permissions of every team in the organization, not just the teams they actually belong to.
- criticalCVE-2026-41052
CVE-2026-41052: Rancher Project Owner Privilege Escalation to Host
A Rancher user with Project Owner access can relabel a namespace to use the 'privileged' Pod Security Admission profile, then deploy containers that break out of standard isolation and reach host-leve
- criticalCVE-2026-49457
CVE-2026-49457: erlang/quic Broken TLS Certificate Verification (MITM)
Every erlang/quic client connection before version 1.4.4 skipped all three TLS server authentication checks, letting any attacker on the network path impersonate any server by presenting an arbitrary