OpenClaw v2.7.1-v3.5.5 Pre-Auth Session Control Vulnerability (CWE-306) with POC

github.com 2026-06-02查看中文 →

Security AdvisoryHighEnderfga

Affected:

claw-orchestrator v2.7.1 to v3.5.5

Fixed in:

v3.5.6

Referenced CVEs: CVE-2026-10281 · 7.3

文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive

This content was auto-fetched from github.com, cleaned by our LLM pipeline, and translated to English. View original.

More from this source

authentik SFE Reflected XSS Vulnerability (CVE-2026-42649) 2026-06-03 Missing Auth Token Validation in Geyser/Cloudburst (GHSA-g2fr-c75x-4f89/CVE-2026-45289) 2026-06-03 authentik SAML ACS XML Signature Wrapping Vulnerability (CVE-2026-47201) 2026-06-03 authentik SourceStage Empty POST Authentication Bypass (CVE-2026-4348) 2026-06-03 UserSourceConnection Privilege Defect Leading to Unauthorized Login - Vulnerability Advisory and POC 2026-06-03

Offline Archive

Offline screenshot & PDF are Pro-exclusive