漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenClaw < 2026.3.28 - Unauthenticated Discovery Endpoint Credential Exfiltration via Remote Onboarding
Vulnerability Description
OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture gateway credentials or traffic.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
源验证错误
Vulnerability Title
OpenClaw 访问控制错误漏洞
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.28之前版本存在访问控制错误漏洞,该漏洞源于远程引导组件中存在身份验证绕过漏洞,允许未经验证的发现端点持续存在且无需明确信任确认,攻击者可伪造发现端点将引导重定向至恶意网关并捕获网关凭据或流量。
CVSS Information
N/A
Vulnerability Type
N/A