Briefs

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability (CVE-2026-32973) due to improper normalization of patterns, allowing attackers to execute unintended commands via wildcard matching in POSIX paths.

OpenClaw before 2026.3.12 is vulnerable to an authentication bypass in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing unauthenticated network attackers to inject forged Feishu events and trigger downstream tool execution.

OpenClaw before 2026.3.11 is vulnerable to privilege escalation in the device.token.rotate function, allowing attackers with limited operator.pairing scope to mint tokens with elevated operator.admin privileges, potentially leading to remote code execution.

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool, allowing sandboxed subagents to access and modify session data outside their intended scope.

OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces, enabling attackers with command authorization to read or modify privileged configuration settings.

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability that allows low-privilege leaf subagents to access the subagents control surface and execute commands with broader tool policies due to insufficient authorization checks, potentially leading to privilege escalation and unauthorized control of sibling processes.

A stack-based buffer overflow vulnerability (CVE-2026-5042) exists in the Belkin F9K1122 router version 1.00.33, allowing remote attackers to execute arbitrary code by manipulating the webpage argument in the formCrossBandSwitch function.

The Tycoon2FA phishing-as-a-service (PhaaS) platform, used to bypass MFA and compromise email accounts, saw a temporary decrease in activity after a law enforcement takedown, but cloud compromises have since returned to pre-disruption levels with unchanged TTPs, indicating continued threat actor activity.

A stack-based buffer overflow vulnerability (CVE-2026-5036) exists in the fromDhcpListClient function of the Tenda 4G06 router (version 04.06.01.29), potentially allowing remote attackers to execute arbitrary code by manipulating the 'page' argument in the /goform/DhcpListClient endpoint.

CrowdStrike enhances its CNAPP capabilities by incorporating adversary intelligence for risk prioritization, application-layer visibility, and runtime analysis, addressing critical gaps in cloud security and enabling faster remediation based on threat actor behavior like LABYRINTH CHOLLIMA and SCATTERED SPIDER.

CrowdStrike Falcon AIDR now supports NVIDIA NeMo Guardrails v0.20.0 to help organizations protect AI agents in production by blocking prompt injection attacks, redacting sensitive data, and controlling agent behavior.

CrowdStrike's CNAPP enhancements prioritize cloud risk based on adversary behavior, correlating application insights with cloud infrastructure telemetry to identify and address critical exposures targeted by specific threat actors like LABYRINTH CHOLLIMA and SCATTERED SPIDER.

CrowdStrike's CNAPP enhancements prioritize cloud risks based on adversary behavior, application context, and configuration change tracking to reduce breach likelihood.

CrowdStrike Falcon Next-Gen SIEM now supports third-party EDR solutions like Microsoft Defender, enabling unified detection and response across diverse environments, addressing the challenges of cross-domain attacks and fragmented security systems.

CrowdStrike Falcon AIDR now supports NVIDIA NeMo Guardrails to protect AI agents by blocking prompt injection attacks, redacting sensitive data, defanging malicious content, and moderating unwanted topics, ensuring compliance and preventing abuse.

A remote SQL injection vulnerability exists in code-projects Accounting System 1.0 via manipulation of the 'cos_id' parameter in '/edit_costumer.php', potentially allowing unauthorized database access.

A stack-based buffer overflow vulnerability in Tenda F453 1.0.0.3 allows a remote attacker to execute arbitrary code by manipulating the 'delno' argument in the fromPPTPUserSetting function of the /goform/PPTPUserSetting component's httpd process.

CrowdStrike enhances its CNAPP capabilities by incorporating adversary intelligence for improved risk prioritization, addressing limitations in infrastructure visibility, threat actor behavior analysis, and alert triage.

A stack-based buffer overflow vulnerability exists in Wavlink WL-WN579X3-C 231124's UPNP Handler component, specifically in the /cgi-bin/firewall.cgi file and the sub_4019FC function, allowing remote attackers to execute arbitrary code by manipulating the UpnpEnabled argument; public exploits are available, but the vendor has not responded to the disclosure.

A SQL injection vulnerability exists in code-projects Simple Food Order System 1.0 within the register-router.php file, where manipulation of the Name argument can lead to remote code execution.

CVE-2026-5017 is a SQL injection vulnerability in code-projects Simple Food Order System 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the 'Status' parameter in the `/all-tickets.php` file.

A server-side request forgery vulnerability exists in elecV2 elecV2P up to 3.8.3, affecting the eAxios function within the /mock URL handler, allowing remote attackers to manipulate the req argument and potentially conduct internal reconnaissance or other malicious activities.

CrowdStrike Falcon AIDR now supports NVIDIA NeMo Guardrails, providing enterprise-grade protection for AI agents by defending against runtime attacks like prompt injection, redacting sensitive data, defanging malicious content, and moderating unwanted topics to ensure agents stay within compliance boundaries in sectors like finance, healthcare, customer service, and software development.

CrowdStrike's Falcon Next-Gen SIEM expands to support third-party EDR solutions, beginning with Microsoft Defender, to unify detection, investigation, and response without requiring the Falcon sensor and modernize security operations.

CrowdStrike Falcon Next-Gen SIEM is expanding its capabilities to integrate with third-party EDR solutions, starting with Microsoft Defender, to enable organizations to extend their AI-native SOC across heterogeneous environments without replacing existing endpoint agents.

CrowdStrike is introducing innovations to secure AI agents and govern shadow AI across endpoints, SaaS, and cloud environments by extending AI detection and response (AIDR) capabilities to cover desktop AI applications and provide visibility into AI-related components, helping to prevent prompt attacks, data leaks, and policy violations.

CrowdStrike Falcon AIDR now supports NVIDIA NeMo Guardrails to protect AI agents from attacks like prompt injection, data exfiltration, and unauthorized actions, enabling organizations to deploy AI applications more securely.

CrowdStrike Falcon AIDR integrates with NVIDIA NeMo Guardrails to provide comprehensive protection for AI agents against prompt injection, data leaks, and malicious content.

CrowdStrike has enhanced its CNAPP capabilities by adding application-layer visibility and prioritizing risks based on known adversary tactics, techniques, and procedures (TTPs).

A SQL injection vulnerability exists in Sinaptik AI PandasAI up to version 0.1.4 within the pandasai-lancedb Extension, allowing remote exploitation through manipulation of multiple functions in the lancedb.py file.