Tag

Dependency-Vulnerability

2 briefs RSS

OpenClaw Sandbox Bypass via Heartbeat Context Inheritance

A critical vulnerability in the openclaw npm package (<=2026.3.28) allows a heartbeat context inheritance to bypass the sandbox via senderIsOwner escalation, patched in version 2026.3.31.

sandbox-bypass dependency-vulnerability npm

2r Apr 2, 2026

high advisory

C2C CI utils Vulnerable to DoS via pyasn Dependency (CVE-2026-30922)

2 rules 1 TTP

The c2cciutils package is vulnerable to denial of service due to an uncontrolled recursion vulnerability (CWE-674) in the pyasn dependency, specifically versions before 1.1.65.

denial-of-service pyasn c2cciutils dependency-vulnerability

2r 1t Mar 26, 2026