Common Vulnerabilities and Exposures (CVE)

CVE-2026-26963

Feb 19, 2026 23:38:36 UTC

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enable...

CVE-2026-26957

Feb 19, 2026 23:30:48 UTC

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force...

CVE-2026-27009

Feb 19, 2026 23:25:41 UTC

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a stored XSS issue in the OpenClaw Control UI when rendering assistant identity (name/avatar) into an inline `<script>` tag without script-context-safe escaping. A crafted val...

CVE-2026-27008

Feb 19, 2026 23:23:32 UTC

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in `download` skill installation allowed `targetDir` values from skill frontmatter to resolve outside the per-skill tools directory if not strictly validated. In the adm...

CVE-2026-27007

Feb 19, 2026 23:21:19 UTC

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration array...

CVE-2026-27004

Feb 19, 2026 23:18:47 UTC

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools (`sessions_list`, `sessions_history`, `sessions_send`) allowed broader session targeting than some operators intended....

CVE-2026-26959

Feb 19, 2026 23:16:43 UTC

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution...

CVE-2026-2350

Feb 19, 2026 23:14:23 UTC

Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.

CVE-2026-27003

Feb 19, 2026 23:14:10 UTC

OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces (for example, when request URLs include `https://api.telegram.org/bot<token>/...`). Prior to version 2026.2.15, OpenClaw logged these str...

CVE-2026-2605

Feb 19, 2026 23:13:38 UTC

Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.

CVE-2026-27002

Feb 19, 2026 23:12:17 UTC

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling con...

CVE-2026-1292

Feb 19, 2026 23:10:23 UTC

Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.

CVE-2026-27001

Feb 19, 2026 23:10:07 UTC

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory...

CVE-2026-2408

Feb 19, 2026 23:09:51 UTC

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.

CVE-2026-2435

Feb 19, 2026 23:09:41 UTC

Tanium addressed a SQL injection vulnerability in Asset.