FediSecfeeds

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23902/

##

thehackerwire@mastodon.social at 2026-04-24T20:10:02.000Z ##

🟠 CVE-2026-23902 - High (8.1)

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution.

This issue affects Apache DolphinScheduler ve...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41478
(9.9 CRITICAL)

EPSS: 0.03%

updated 2026-04-24T21:16:19.353000

1 posts

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through sync parameters. This can lead to full database exfiltration, including admin password hashes and confi

thehackerwire@mastodon.social at 2026-04-24T21:59:50.000Z ##

🔴 CVE-2026-41478 - Critical (9.9)

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41478/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41472
(0 None)

EPSS: 0.67%

updated 2026-04-24T21:16:18.967000

2 posts

CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unauthenticated attackers to inject malicious JavaScript by overwriting the findings_json field of ScanHistory records. Attackers can inject JavaScript that executes in an administrator's authenticated se

secdb at 2026-04-27T00:01:17.188Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

secdb@infosec.exchange at 2026-04-27T00:01:17.000Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

CVE-2026-41328
(9.1 CRITICAL)

EPSS: 0.08%

updated 2026-04-24T21:16:18.650000

3 posts

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack requires two HTTP POSTs to port 8080. The first sets up a schema predicate with @unique @index(exact) @lang vi

offseq at 2026-04-25T04:30:28.825Z ##

🚨 CVE-2026-41328: CRITICAL DQL injection in dgraph-io Dgraph (<25.3.3) allows unauthenticated full DB read! Exploit via crafted POSTs to port 8080. Patch to 25.3.3+ or enable ACL to mitigate. Details: https://radar.offseq.com/threat/cve-2026-41328-cwe-943-improper-neutralization-of--c8d19cb1 #OffSeq #CVE202641328 #GraphQL #infosec

##

updated 2026-04-24T20:52:12

2 posts

### Summary The upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later writes using the decoded `req.params.uploadId`. In deployments that use a supported custom `PSITRANSFER_UPLOAD_DIR` whose basename prefixes a startup-loaded JavaScript path, such as `conf`, an unauthenticated attacker can create `co

thehackerwire@mastodon.social at 2026-04-25T22:00:10.000Z ##

🟠 CVE-2026-41180 - High (7.5)

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later wr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41180/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T22:00:10.000Z ##

🟠 CVE-2026-41180 - High (7.5)

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later wr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41180/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-7399
(8.8 HIGH)

EPSS: 82.26%

updated 2026-04-24T20:23:57.990000

3 posts

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

https://github.com/davidxbors/CVE-2024-7399-POC

1 repos

secdb@infosec.exchange at 2026-04-24T20:00:16.000Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0424)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57726)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726

⚠️ CVE-2024-57728 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57728)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728

⚠️ CVE-2024-7399 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-7399)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399

⚠️ CVE-2025-29635 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-29635)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635

##

cisakevtracker@mastodon.social at 2026-04-24T18:01:08.000Z ##

CVE ID: CVE-2024-7399
Vendor: Samsung
Product: MagicINFO 9 Server
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-7399

##

AAKL@infosec.exchange at 2026-04-24T17:29:17.000Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #Apache

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57726

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57728

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7399

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-29635 #CISA #Samsung #DLink

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2026-41492
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-24T20:16:28.470000

2 posts

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can retrieve that token and replay it in the X-Dgraph-AuthToken header to access admin-only endpoints. This is

offseq@infosec.exchange at 2026-04-25T01:30:29.000Z ##

⚠️ CRITICAL: dgraph-io Dgraph (< 25.3.3) leaks admin tokens via unauthenticated /debug/vars endpoint. Attackers can gain admin access! Patch to 25.3.3+ ASAP. CVE-2026-41492 | More: https://radar.offseq.com/threat/cve-2026-41492-cwe-200-exposure-of-sensitive-infor-932f1edf #OffSeq #CVE202641492 #Dgraph #Vulnerability

##

thehackerwire@mastodon.social at 2026-04-24T19:41:02.000Z ##

🔴 CVE-2026-41492 - Critical (9.8)

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..."...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41492/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41477
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-24T20:16:28.340000

1 posts

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary commands as SYSTEM. Affects both stable v1.20.0 + and Continuous v1.26.0.134 prerelease.

thehackerwire@mastodon.social at 2026-04-24T20:41:18.000Z ##

🟠 CVE-2026-41477 - High (7.8)

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41477/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41429
(8.8 HIGH)

EPSS: 0.02%

updated 2026-04-24T20:16:27.663000

2 posts

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin(...), the device listens on UDP port 137 and processes untrusted NBNS requests from the local network. The request parser trusts the

Matchbook3469@mastodon.social at 2026-04-26T14:06:41.000Z ##

🔶 New security advisory:

CVE-2026-41429 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-41429-arduino-esp32-memory-corruption

#Cybersecurity #PatchNow #InfoSecCommunity

##

thehackerwire@mastodon.social at 2026-04-24T20:41:39.000Z ##

🟠 CVE-2026-41429 - High (8.8)

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled b...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41429/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-29635
(7.2 HIGH)

EPSS: 58.94%

updated 2026-04-24T19:27:15.560000

5 posts

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

beyondmachines1 at 2026-04-26T08:01:09.670Z ##

Mirai Botnet Exploits Critical RCE Flaw in End-of-Life D-Link Routers

A Mirai-based botnet campaign is actively exploiting CVE-2025-29635, a command injection flaw in end-of-life D-Link DIR-823X routers, to execute remote code via crafted POST requests and enlist devices for DDoS attacks.

**If you are using D-Link DIR-823X routerm you are under attack. Make sure its management interface is isolated from the internet and accessible only from trusted networks. Since this device is end-of-life with no patch coming for CVE-2025-29635, replace it with a currently supported model.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/mirai-botnet-exploits-critical-rce-flaw-in-end-of-life-d-link-routers-9-9-w-1-p/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2026-04-26T08:01:09.000Z ##

Mirai Botnet Exploits Critical RCE Flaw in End-of-Life D-Link Routers

A Mirai-based botnet campaign is actively exploiting CVE-2025-29635, a command injection flaw in end-of-life D-Link DIR-823X routers, to execute remote code via crafted POST requests and enlist devices for DDoS attacks.

**If you are using D-Link DIR-823X routerm you are under attack. Make sure its management interface is isolated from the internet and accessible only from trusted networks. Since this device is end-of-life with no patch coming for CVE-2025-29635, replace it with a currently supported model.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/mirai-botnet-exploits-critical-rce-flaw-in-end-of-life-d-link-routers-9-9-w-1-p/gD2P6Ple2L

##

secdb@infosec.exchange at 2026-04-24T20:00:16.000Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0424)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57726)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726

⚠️ CVE-2024-57728 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57728)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728

⚠️ CVE-2024-7399 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-7399)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399

⚠️ CVE-2025-29635 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-29635)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635

##

cisakevtracker@mastodon.social at 2026-04-24T18:00:52.000Z ##

CVE ID: CVE-2025-29635
Vendor: D-Link
Product: DIR-823X
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-29635

##

AAKL@infosec.exchange at 2026-04-24T17:29:17.000Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #Apache

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57726

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57728

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7399

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-29635 #CISA #Samsung #DLink

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2024-57728
(7.2 HIGH)

EPSS: 50.59%

updated 2026-04-24T19:27:00.700000

3 posts

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

secdb@infosec.exchange at 2026-04-24T20:00:16.000Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0424)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57726)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726

⚠️ CVE-2024-57728 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57728)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728

⚠️ CVE-2024-7399 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-7399)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399

⚠️ CVE-2025-29635 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-29635)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635

##

cisakevtracker@mastodon.social at 2026-04-24T18:01:23.000Z ##

CVE ID: CVE-2024-57728
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-57728

##

AAKL@infosec.exchange at 2026-04-24T17:29:17.000Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #Apache

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57726

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57728

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7399

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-29635 #CISA #Samsung #DLink

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2024-57726
(9.9 CRITICAL)

EPSS: 52.25%

updated 2026-04-24T19:26:52.160000

3 posts

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

secdb@infosec.exchange at 2026-04-24T20:00:16.000Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0424)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57726)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726

⚠️ CVE-2024-57728 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57728)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728

⚠️ CVE-2024-7399 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-7399)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399

⚠️ CVE-2025-29635 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-29635)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635

##

cisakevtracker@mastodon.social at 2026-04-24T18:01:38.000Z ##

CVE ID: CVE-2024-57726
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-57726

##

AAKL@infosec.exchange at 2026-04-24T17:29:17.000Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #Apache

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57726

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57728

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7399

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-29635 #CISA #Samsung #DLink

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2026-41419
(7.6 HIGH)

EPSS: 0.03%

updated 2026-04-24T19:17:13.603000

1 posts

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be downloaded through the normal application interface, resulting in unauthorized local file disclosure. T

thehackerwire@mastodon.social at 2026-04-24T19:41:12.000Z ##

🟠 CVE-2026-41419 - High (7.6)

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOAR...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41419/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41327
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-04-24T19:17:12.407000

3 posts

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a single HTTP POST to /mutate?commitNow=true containing a crafted cond field in an upsert mutation. The con

offseq@infosec.exchange at 2026-04-25T03:00:27.000Z ##

🚨 CRITICAL vuln: CVE-2026-41327 in dgraph-io dgraph (<25.3.3). Unauthenticated attacker can exfiltrate all DB data with a crafted POST via upsert mutation. Upgrade to 25.3.3+ or enable ACL ASAP! https://radar.offseq.com/threat/cve-2026-41327-cwe-943-improper-neutralization-of--8885efbe #OffSeq #Vuln #GraphQL #DataLeak

##

thehackerwire@mastodon.social at 2026-04-24T19:44:11.000Z ##

🔴 CVE-2026-41327 - Critical (9.1)

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configur...

updated 2026-04-24T19:17:10.973000

2 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to include an xbean binding that can be later used by a VM transport to load a remote Spring XML applicatio

Matchbook3469@mastodon.social at 2026-04-26T08:02:04.000Z ##

🟠 New security advisory:

CVE-2026-41044 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-41044-activemq-rce-via-spring-xml

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41044/

##

thehackerwire@mastodon.social at 2026-04-24T20:10:20.000Z ##

🟠 CVE-2026-41044 - High (8.8)

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All.

An authenticated attacker can use the admin web console page to construct a malici...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40466
(8.8 HIGH)

EPSS: 0.11%

updated 2026-04-24T19:17:10.567000

2 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via BrokerView.addNetworkConnector or BrokerView.addConnector through Jolokia if the activemq-http module is on th

Matchbook3469@mastodon.social at 2026-04-26T15:09:36.000Z ##

🟠 New security advisory:

CVE-2026-40466 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-40466-activemq-code-injection-after-auth-bypass

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40466/

##

thehackerwire@mastodon.social at 2026-04-24T20:10:11.000Z ##

🟠 CVE-2026-40466 - High (8.8)

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.

An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a conne...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33666
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T19:17:10.147000

2 posts

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes (512 MB) from a buffer that is only a few bytes long, causing a segmentation fault. This vulnerability is

thehackerwire@mastodon.social at 2026-04-24T19:44:21.000Z ##

🟠 CVE-2026-33666 - High (7.5)

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds check receives the overflowed value and is comp...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33666/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T19:41:45.000Z ##

🟠 CVE-2026-33666 - High (7.5)

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds check receives the overflowed value and is comp...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33666/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33662
(7.5 HIGH)

EPSS: 0.07%

updated 2026-04-24T19:17:09.997000

2 posts

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/crypto_api/acipher/rsassa.c, the amount of padding needed, "PS size", is calculated by subtracting the size of the digest and other fields required for th

thehackerwire@mastodon.social at 2026-04-24T19:44:30.000Z ##

🟠 CVE-2026-33662 - High (7.5)

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33662/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T19:43:08.000Z ##

🟠 CVE-2026-33662 - High (7.5)

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33662/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33524
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T19:17:09.850000

1 posts

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). This vulnerability is fixed in 2.18.1.

thehackerwire@mastodon.social at 2026-04-24T19:41:46.000Z ##

🟠 CVE-2026-33524 - High (7.5)

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33524/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-50229
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-04-24T19:16:31.937000

2 posts

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.

thehackerwire@mastodon.social at 2026-04-25T21:59:51.000Z ##

🔴 CVE-2025-50229 - Critical (9.8)

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50229/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T21:59:51.000Z ##

🔴 CVE-2025-50229 - Critical (9.8)

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50229/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40897
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-24T17:56:41.280000

2 posts

Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. This vulnerability is fixed in 15.2.0.

Matchbook3469@mastodon.social at 2026-04-26T16:54:54.000Z ##

⚠️ New security advisory:

CVE-2026-40897 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-40897-math-js-parser-rce-in-expression-eval

#CVE #ZeroDay #ThreatIntel

##

thehackerwire@mastodon.social at 2026-04-24T19:42:32.000Z ##

🟠 CVE-2026-40897 - High (8.8)

Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40897/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6912
(8.8 HIGH)

EPSS: 0.15%

updated 2026-04-24T17:56:41.280000

3 posts

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy

Matchbook3469@mastodon.social at 2026-04-26T10:53:26.000Z ##

⚠️ New security advisory:

CVE-2026-6912 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6912-aws-ops-wheel-admin-escalation

#CVE #ZeroDay #ThreatIntel

##

thehackerwire@mastodon.social at 2026-04-24T19:42:23.000Z ##

🟠 CVE-2026-6912 - High (8.8)

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito u...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6912/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

awssecurityfeed@infosec.exchange at 2026-04-24T17:00:01.000Z ##

Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912

Bulletin ID: 2026-018-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/24 09:15 AM PDT
Description:
AWS Ops Wheel is an open-source tool that helps teams make random selections using a virtua...

https://aws.amazon.com/security/security-bulletins/rss/2026-018-aws/

#aws #security

##

CVE-2026-6911
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-24T17:56:41.280000

5 posts

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint. To remediate this issue, u

Matchbook3469@mastodon.social at 2026-04-25T14:05:14.000Z ##

🚨 New security advisory:

CVE-2026-6911 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6911-ops-wheel-unauthenticated-admin-access

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6911/

##

offseq at 2026-04-25T07:30:25.791Z ##

🚨 CRITICAL: CVE-2026-6911 in AWS Ops Wheel — missing JWT signature checks allow unauth access & admin control over all tenants. Patch by redeploying from the updated repo! Details: https://radar.offseq.com/threat/cve-2026-6911-cwe-347-improper-verification-of-cry-0f0da004 #OffSeq #AWS #Vuln #JWT

##

offseq@infosec.exchange at 2026-04-25T07:30:25.000Z ##

🚨 CRITICAL: CVE-2026-6911 in AWS Ops Wheel — missing JWT signature checks allow unauth access & admin control over all tenants. Patch by redeploying from the updated repo! Details: https://radar.offseq.com/threat/cve-2026-6911-cwe-347-improper-verification-of-cry-0f0da004 #OffSeq #AWS #Vuln #JWT

##

thehackerwire@mastodon.social at 2026-04-24T19:41:56.000Z ##

🔴 CVE-2026-6911 - Critical (9.8)

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across te...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

awssecurityfeed@infosec.exchange at 2026-04-24T17:00:01.000Z ##

Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912

Bulletin ID: 2026-018-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/24 09:15 AM PDT
Description:
AWS Ops Wheel is an open-source tool that helps teams make random selections using a virtua...

https://aws.amazon.com/security/security-bulletins/rss/2026-018-aws/

#aws #security

##

CVE-2026-41066
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-24T17:56:41.280000

1 posts

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0.

thehackerwire@mastodon.social at 2026-04-24T19:44:51.000Z ##

🟠 CVE-2026-41066 - High (7.5)

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_ent...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41066/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39920
(9.8 CRITICAL)

EPSS: 0.20%

updated 2026-04-24T17:55:55.317000

4 posts

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console using default credentials, upload a malicious Java archive as a web service, and execute arbitrary com

Matchbook3469@mastodon.social at 2026-04-25T15:09:16.000Z ##

🔴 New security advisory:

CVE-2026-39920 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-39920-bridgehead-filestore-unauth-rce

#Cybersecurity #VulnerabilityManagement #CyberSec

##

offseq at 2026-04-25T09:00:27.686Z ##

🔥 CVE-2026-39920: BridgeHead FileStore <24A has a CRITICAL flaw — Apache Axis2 admin exposed with default creds, allowing unauthenticated remote OS command execution. Restrict access, change creds & monitor! Patch status pending. https://radar.offseq.com/threat/cve-2026-39920-cwe-1188-initialization-of-a-resour-596011eb #OffSeq #Vuln #Cybersecurity

##

offseq@infosec.exchange at 2026-04-25T09:00:27.000Z ##

🔥 CVE-2026-39920: BridgeHead FileStore <24A has a CRITICAL flaw — Apache Axis2 admin exposed with default creds, allowing unauthenticated remote OS command execution. Restrict access, change creds & monitor! Patch status pending. https://radar.offseq.com/threat/cve-2026-39920-cwe-1188-initialization-of-a-resour-596011eb #OffSeq #Vuln #Cybersecurity

##

thehackerwire@mastodon.social at 2026-04-24T20:07:25.000Z ##

🔴 CVE-2026-39920 - Critical (9.8)

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS command...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39920/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41068
(7.7 HIGH)

EPSS: 0.03%

updated 2026-04-24T17:16:21.240000

1 posts

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating the `URLPath` field. However, the ConfigMap context loader has the identical vulnerability — the `configMap.namespace` field accepts any namespace with zero validation, allowing a namespace admin to rea

thehackerwire@mastodon.social at 2026-04-24T05:45:52.000Z ##

🟠 CVE-2026-41068 - High (7.7)

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating the `URLPath` field. However, the ConfigMap conte...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41068/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6919
(9.6 CRITICAL)

EPSS: 0.11%

updated 2026-04-24T16:39:50.947000

3 posts

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

nyanbinary at 2026-04-25T11:42:26.953Z ##

@andrewnez hm, is that search correct? The 343 on linked NVD page seems to include e.g. CVE-2026-6919 which isnt really related?

It's not an in any way relevant difference (4 false associations) but now I am really curious why those are associated....

##

nyanbinary@infosec.exchange at 2026-04-25T11:42:26.000Z ##

updated 2026-04-24T14:50:56.203000

2 posts

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attack

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41040/

secdb at 2026-04-27T00:01:17.188Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

secdb@infosec.exchange at 2026-04-27T00:01:17.000Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

CVE-2026-41208
(8.8 HIGH)

EPSS: 0.23%

updated 2026-04-24T14:50:56.203000

2 posts

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server host. An attacker with an agent credential can escalate privileges from the agent runtime to the Pap

thehackerwire@mastodon.social at 2026-04-25T22:00:01.000Z ##

🟠 CVE-2026-41208 - High (8.8)

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to e...

updated 2026-04-24T14:50:56.203000

2 posts

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

thehackerwire@mastodon.social at 2026-04-23T19:43:41.000Z ##

🟠 CVE-2026-41040 - High (7.5)

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-23T19:43:04.000Z ##

🟠 CVE-2026-41040 - High (7.5)

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41040/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41564
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-24T14:50:56.203000

2 posts

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process

thehackerwire@mastodon.social at 2026-04-23T19:43:32.000Z ##

🟠 CVE-2026-41564 - High (7.5)

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.

The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41564/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-23T19:42:54.000Z ##

🟠 CVE-2026-41564 - High (7.5)

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.

The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41564/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6887
(9.8 CRITICAL)

EPSS: 0.08%

updated 2026-04-24T14:50:56.203000

2 posts

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

thehackerwire@mastodon.social at 2026-04-23T19:43:27.000Z ##

🔴 CVE-2026-6887 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

updated 2026-04-24T14:41:16.553000

2 posts

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

Matchbook3469@mastodon.social at 2026-04-25T16:54:11.000Z ##

🚨 New security advisory:

CVE-2026-32210 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

updated 2026-04-24T14:40:12.517000

2 posts

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor

thehackerwire@mastodon.social at 2026-04-24T23:00:22.000Z ##

🔴 CVE-2026-40620 - Critical (9.8)

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management conne...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40620/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T03:00:25.000Z ##

SenseLive X3050 V1.523 is at CRITICAL risk (CVE-2026-40620, CVSS 9.3): missing auth lets remote attackers gain admin access. No patch yet — restrict management access, monitor logs, and follow vendor updates. https://radar.offseq.com/threat/cve-2026-40620-cwe-306-missing-authentication-for--0af2786c #OffSeq #CVE202640620 #IoTSecurity

##

CVE-2026-35503
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-24T14:40:12.517000

1 posts

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality.

thehackerwire@mastodon.social at 2026-04-24T22:05:47.000Z ##

🔴 CVE-2026-35503 - Critical (9.8)

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35503/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40630
(9.8 CRITICAL)

EPSS: 0.09%

updated 2026-04-24T14:40:12.517000

2 posts

A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

thehackerwire@mastodon.social at 2026-04-24T22:05:38.000Z ##

🔴 CVE-2026-40630 - Critical (9.8)

A vulnerability in
SenseLive

X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the i...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40630/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T00:00:38.000Z ##

🚨 CRITICAL: SenseLive X3050 v1.523 is vulnerable to authentication bypass (CVE-2026-40630) via alternate paths. No fix yet — restrict device network access and monitor closely. https://radar.offseq.com/threat/cve-2026-40630-cwe-288-authentication-bypass-using-b2eedf7d #OffSeq #CVE202640630 #IoTSecurity #VulnAlert

##

CVE-2026-27841
(8.1 HIGH)

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

Matchbook3469@mastodon.social at 2026-04-25T10:52:31.000Z ##

🔴 New security advisory:

CVE-2026-21515 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

EPSS: 0.03%

updated 2026-04-24T14:39:28.770000

1 posts

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's

thehackerwire@mastodon.social at 2026-04-24T20:07:35.000Z ##

🟠 CVE-2026-5367 - High (8.6)

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5367/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1949
(9.8 CRITICAL)

EPSS: 0.02%

updated 2026-04-24T14:39:28.770000

1 posts

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

thehackerwire@mastodon.social at 2026-04-24T06:42:15.000Z ##

🔴 CVE-2026-1949 - Critical (9.8)

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1949/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5364
(8.1 HIGH)

EPSS: 0.11%

updated 2026-04-24T14:38:26.740000

1 posts

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the attacker rather than being restricted to administrator-configured values, which when combined with the fac

thehackerwire@mastodon.social at 2026-04-24T06:42:06.000Z ##

🟠 CVE-2026-5364 - High (8.1)

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing t...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5364/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41651
(8.8 HIGH)

EPSS: 0.22%

updated 2026-04-24T13:43:37.347000

6 posts

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. T

5 repos

https://github.com/Vozec/CVE-2026-41651

https://github.com/dinosn/pack2theroot-lab

https://github.com/0xBlackash/CVE-2026-41651

https://github.com/baph00met/CVE-2026-41651

https://github.com/CipherCloak/CVE-2026-41651

benzogaga33@mamot.fr at 2026-04-25T16:20:01.000Z ##

Pack2TheRoot : une faille vieille de 12 ans offre les clés de votre Linux à n’importe qui https://goodtech.info/pack2theroot-faille-linux-packagekit-root-cve-2026-41651/ #Sécurité #Àlaune

##

benzogaga33@mamot.fr at 2026-04-25T16:20:01.000Z ##

Pack2TheRoot : une faille vieille de 12 ans offre les clés de votre Linux à n’importe qui https://goodtech.info/pack2theroot-faille-linux-packagekit-root-cve-2026-41651/ #Sécurité #Àlaune

##

secdb@infosec.exchange at 2026-04-24T20:58:39.000Z ##

🚨 CVE-2026-41651 (Pack2TheRoot)

PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.

ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-41651

EPSS: 0.04%

updated 2026-04-24T00:32:04

2 posts

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default

thehackerwire@mastodon.social at 2026-04-24T22:05:56.000Z ##

🟠 CVE-2026-39462 - High (8.1)

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseL...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39462/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T06:00:26.000Z ##

CVE-2026-39462 (CRITICAL): SenseLive X3050 V1.523 lets attackers bypass password changes after factory reset — device may accept old or default creds. No fix yet. Limit reliance on resets and monitor for updates. https://radar.offseq.com/threat/cve-2026-39462-cwe-522-insufficiently-protected-cr-cedf02e1 #OffSeq #IoTSecurity #CVE202639462

##

CVE-2026-41353
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-24T00:32:03

1 posts

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profiles at runtime to access restricted profiles and bypass intended access controls.

thehackerwire@mastodon.social at 2026-04-23T22:25:21.000Z ##

🟠 CVE-2026-41353 - High (8.1)

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41353/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24303
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T00:31:58

2 posts

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

Matchbook3469@mastodon.social at 2026-04-25T07:53:01.000Z ##

🔴 New security advisory:

CVE-2026-24303 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

updated 2026-04-23T21:31:29

1 posts

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.

offseq@infosec.exchange at 2026-04-24T10:30:39.000Z ##

🛡️ CrowdStrike LogScale CRITICAL vuln (CVE-2026-40050): unauth path traversal — remote file read risk for self-hosted users. Tenable Nessus for Windows: HIGH vuln (CVE-2026-33694), file deletion & privilege escalation. Patch ASAP! https://radar.offseq.com/threat/vulnerabilities-patched-in-crowdstrike-tenable-pro-da7dee84 #OffSeq #Vuln #CrowdStrike #Tenable

##

CVE-2026-28950
(6.2 MEDIUM)

EPSS: 0.01%

updated 2026-04-23T21:31:21

1 posts

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.

nemo@mas.to at 2026-04-24T02:35:04.000Z ##

Apple issues iOS/iPadOS 26.4.2 to fix a Notification Services bug (CVE-2026-28950) that could retain deleted-app notification previews — Signal says preserved fragments will be removed after users update. Install now: https://cyberinsider.com/apple-fixes-ios-privacy-flaw-that-allowed-signal-message-retrieval/ 🔒📱 #iOS #Privacy #Security

##

CVE-2026-33318
(8.8 HIGH)

EPSS: 0.07%

updated 2026-04-23T21:23:40

2 posts

### Summary Any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: `POST /account/change-password` has no authorization check, allowing any session to overwrite the password hash; the inactive password `auth` row is never removed on migration; and the login endpoint accepts a client-supp

thehackerwire@mastodon.social at 2026-04-24T03:56:59.000Z ##

🟠 CVE-2026-33318 - High (8.8)

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: `POST /ac...

updated 2026-04-23T14:28:55.557000

2 posts

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited

4 repos

https://github.com/im-hanzou/CVE-2026-3844

https://github.com/0xgh057r3c0n/CVE-2026-3844

https://github.com/dinosn/CVE-2026-3844

https://github.com/tausifzaman/CVE-2026-3844

beyondmachines1@infosec.exchange at 2026-04-24T11:01:09.000Z ##

Cloudways Patches Actively Exploited File Upload Flaw in Breeze Cache Plugin

Cloudways patched a critical vulnerability in the Breeze Cache WordPress plugin (CVE-2026-3844) that allows unauthenticated attackers to upload malicious files and execute remote code. The flaw is currently under active exploitation, but it requires a non-default setting to be enabled in order to be exploited.

**If you use the Breeze Cache WordPress plugin, update it to version 2.4.5 ASAP. If you can't update right away, disable the "Host Files Locally - Gravatars" setting as a temporary workaround until you can apply the update.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cloudways-patches-actively-exploited-file-upload-flaw-in-breeze-cache-plugin-e-w-c-7-u/gD2P6Ple2L

##

thehackerwire@mastodon.social at 2026-04-23T21:44:57.000Z ##

🔴 CVE-2026-3844 - Critical (9.8)

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3844/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39440
(9.9 CRITICAL)

EPSS: 0.02%

updated 2026-04-23T14:28:55.557000

1 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1.

thehackerwire@mastodon.social at 2026-04-23T19:40:07.000Z ##

🔴 CVE-2026-39440 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39440/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33626
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-23T13:39:54.420000

7 posts

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networ

vitobotta@mastodon.social at 2026-04-25T12:28:05.000Z ##

Thirteen hours from disclosure to exploitation. CVE-2026-33626 in LMDeploy is an SSRF that hits cloud metadata and internal services. If you run LMDeploy, patch it.

##

hackerworkspace at 2026-04-25T06:25:19.265Z ##

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html

Read on HackerWorkspace: https://hackerworkspace.com/article/lmdeploy-cve-2026-33626-flaw-exploited-within-13-hours-of-disclosure

#cybersecurity #aisecurity #vulnerability

##

vitobotta@mastodon.social at 2026-04-25T12:28:05.000Z ##

Thirteen hours from disclosure to exploitation. CVE-2026-33626 in LMDeploy is an SSRF that hits cloud metadata and internal services. If you run LMDeploy, patch it.

##

hackerworkspace@infosec.exchange at 2026-04-25T06:25:19.000Z ##

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html

Read on HackerWorkspace: https://hackerworkspace.com/article/lmdeploy-cve-2026-33626-flaw-exploited-within-13-hours-of-disclosure

#cybersecurity #aisecurity #vulnerability

##

beyondmachines1@infosec.exchange at 2026-04-24T19:01:09.000Z ##

LMDeploy AI Inference Engine Exploited Hours After SSRF Disclosure

LMDeploy's vision-language module contains a high-severity SSRF vulnerability (CVE-2026-33626) that attackers exploited within 13 hours to scan internal networks and target cloud metadata. The flaw allows unauthenticated users to bypass network restrictions by providing malicious image URLs to the inference server.

updated 2026-04-23T10:52:43

2 posts

### Summary The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. An unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This

https://www.cve.org/CVERecord?id=CVE-2026-35344

secdb at 2026-04-27T00:01:17.188Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

secdb@infosec.exchange at 2026-04-27T00:01:17.000Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

CVE-2026-38834
(7.3 HIGH)

EPSS: 3.22%

updated 2026-04-22T21:24:26.997000

2 posts

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

secdb at 2026-04-27T00:01:17.188Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

secdb@infosec.exchange at 2026-04-27T00:01:17.000Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

CVE-2026-21571
(0 None)

EPSS: 1.10%

updated 2026-04-22T21:24:26.997000

2 posts

This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H allows an authenticated attacker to execute commands on the r

secdb at 2026-04-27T00:01:17.188Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

secdb@infosec.exchange at 2026-04-27T00:01:17.000Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

CVE-2026-35344
(3.3 LOW)

EPSS: 0.01%

updated 2026-04-22T21:23:52.620000

1 posts

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories caused by full disks or read-only file systems. This can lead to silent data corruption in backup o

mxey@hachyderm.io at 2026-04-23T17:29:35.000Z ##

##

CVE-2019-25714
(0 None)

EPSS: 0.60%

updated 2026-04-22T21:20:25.267000

2 posts

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS comman

secdb at 2026-04-27T00:01:17.188Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

secdb@infosec.exchange at 2026-04-27T00:01:17.000Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

CVE-2026-40887
(9.1 CRITICAL)

EPSS: 4.56%

updated 2026-04-22T21:08:48.550000

2 posts

Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression without parameterization or validation, allowing an attacker to execute arbitrary SQL against the data

#si #ai #sztucznainteligencja #wiadomości #informacje #technologia

secdb at 2026-04-27T00:01:17.188Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

secdb@infosec.exchange at 2026-04-27T00:01:17.000Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

CVE-2026-6799
(6.3 MEDIUM)

EPSS: 1.06%

updated 2026-04-22T20:22:50.570000

2 posts

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attack

secdb at 2026-04-27T00:01:17.188Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

updated 2026-04-21T16:20:24.180000

2 posts

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

secdb at 2026-04-27T00:01:17.188Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

secdb@infosec.exchange at 2026-04-27T00:01:17.000Z ##

📈 CVE Published in last 7 days (2026-04-20 - 2026-04-27)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1459

Severity:
- Critical: 124
- High: 358
- Medium: 586
- Low: 70
- None: 321

Status:
- : 40
- Analyzed: 313
- Awaiting Analysis: 570
- Deferred: 238
- Modified: 9
- Received: 124
- Rejected: 23
- Undergoing Analysis: 142

Top CNAs:
- GitHub, Inc.: 326
- kernel.org: 257
- VulnCheck: 119
- VulDB: 114
- Oracle: 102
- MITRE: 69
- Wordfence: 67
- Canonical Ltd.: 46
- Mozilla Corporation: 42
- N/A: 40

Top Affected Products:
- UNKNOWN: 1040
- Openclaw: 42
- Mozilla Firefox: 39
- Mozilla Thunderbird: 38
- Oracle Mysql Server: 25
- Wwbn Avideo: 18
- Flowiseai Flowise: 18
- Uutils Coreutils: 14
- Silextechnology Sd-330ac Firmware: 11
- Gitlab: 11

##

CVE-2026-5752
(9.3 CRITICAL)

EPSS: 0.02%

updated 2026-04-21T15:16:37.563000

2 posts

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.

_r_netsec@infosec.exchange at 2026-04-24T14:28:05.000Z ##

Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes https://blog.barrack.ai/pyodide-sandbox-escape-cohere-terrarium-openai-codex/

##

aisight@mastodon.social at 2026-04-23T18:35:36.000Z ##

Projekt Terrarium, który miał uruchamiać kod generowany przez modele AI w bezpiecznej piaskownicy, okazał się śmiertelną pułapką. Luka CVE-2026-5752 pozwala napastnikom na przejęcie pełnej kontroli nad systemem, a najgorsze jest to, że projekt nie jest już rozwijany.

https://aisight.pl/cyberbezpieczenstwo/krytyczna-dziura-w-terrarium-od-cohere-ai-sandbox-to-ser-szwajcarski/

##

CVE-2025-48700
(6.1 MEDIUM)

EPSS: 18.76%

updated 2026-04-21T13:00:03.373000

2 posts

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted ta

beyondmachines1 at 2026-04-26T12:01:10.392Z ##

Zimbra XSS Flaw Actively Exploited

CISA has added CVE-2025-48700, an actively exploited XSS vulnerability in Zimbra Collaboration Suite's Classic UI, to its Known Exploited Vulnerabilities Catalog. Over 10,500 are unpatched instances still exposed online despite patches being available since June 2025.

**If you run Zimbra Collaboration Suite, immediately upgrade to a patched version (ZCS 8.8.15 Patch 47, 9.0.0 Patch 43, 10.0.12, or 10.1.4 or later) since this flaw is being actively exploited. Then audit your mail servers for signs of compromise. Check for suspicious mail forwarding rules, recent TGZ exports, and unexpected MFA or application password changes.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/zimbra-xss-flaw-actively-exploited-e-y-g-h-x/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2026-04-26T12:01:10.000Z ##

Zimbra XSS Flaw Actively Exploited

CISA has added CVE-2025-48700, an actively exploited XSS vulnerability in Zimbra Collaboration Suite's Classic UI, to its Known Exploited Vulnerabilities Catalog. Over 10,500 are unpatched instances still exposed online despite patches being available since June 2025.

**If you run Zimbra Collaboration Suite, immediately upgrade to a patched version (ZCS 8.8.15 Patch 47, 9.0.0 Patch 43, 10.0.12, or 10.1.4 or later) since this flaw is being actively exploited. Then audit your mail servers for signs of compromise. Check for suspicious mail forwarding rules, recent TGZ exports, and unexpected MFA or application password changes.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/zimbra-xss-flaw-actively-exploited-e-y-g-h-x/gD2P6Ple2L

##

CVE-2026-20133
(6.5 MEDIUM)

EPSS: 1.20%

updated 2026-04-20T21:32:43

1 posts

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the un

LLMs@activitypub.awakari.com at 2026-04-26T17:42:22.000Z ## CISA Orders Agencies to Secure Cisco SD-WAN Systems After New Flaw Hits Exploited List CISA has added CVE-2026-20133, a Cisco Catalyst SD-WAN Manager vulnerability, to its Known Exploited Vulnerabi...

#News

Origin | Interest | Match ##

CVE-2026-23456
(0 None)

EPSS: 0.03%

updated 2026-04-18T09:16:28.167000

1 posts

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case In decode_int(), the CONS case calls get_bits(bs, 2) to read a length value, then calls get_uint(bs, len) without checking that len bytes remain in the buffer. The existing boundary check only validates the 2 bits for get_bits(), not the subsequent 1-4 bytes th

netsecio@mastodon.social at 2026-04-26T16:22:41.000Z ##

📰 Log4j Deja Vu: Critical RCE Flaw in 'LogSpresso' Library Averts Major Supply Chain Crisis

🚨 A Log4j-style crisis averted! A critical 10.0 CVSS RCE flaw, CVE-2026-23456, was found in the popular 'LogSpresso' Java library. 😱 Patch released before wild exploitation. Update to version 3.5.1 NOW! #LogSpresso #Vulnerability #SupplyChain #Java

🔗 https://cybernetsec.io

##

CVE-2026-34197
(8.8 HIGH)

EPSS: 65.27%

updated 2026-04-16T19:59:38.107000

2 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) a

https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197

9 repos

https://github.com/xshysjhq/CVE-2026-34197-payload-Apache-ActiveMQ-

https://github.com/keraattin/CVE-2026-34197

https://github.com/DEVSECURITYSPRO/CVE-2026-34197

https://github.com/0xBlackash/CVE-2026-34197

https://github.com/hg0434hongzh0/CVE-2026-34197

https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE

https://github.com/dinosn/CVE-2026-34197

https://github.com/Catherines77/ActiveMQ-EXPtools

canartuc@mastodon.social at 2026-04-26T19:47:00.000Z ##

Apache ActiveMQ CVE-2026-34197 (CVSS 8.8) landed on the CISA Known Exploited list April 16. Federal patch deadline April 30. The flaw lets an attacker send a management command through Jolokia, the broker's monitoring API. The broker fetches a remote config file, then runs OS commands. Horizon3.ai says 13 years hiding in plain sight. I have chased similar setups across 14 platforms.

#CyberSecurity #InfoSec #DevOps #SysAdmin

##

thehackerwire@mastodon.social at 2026-04-24T20:10:11.000Z ##

🟠 CVE-2026-40466 - High (8.8)

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.

An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a conne...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40466/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-59532
(0 None)

EPSS: 0.05%

updated 2026-04-15T00:35:42.020000

1 posts

Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and command execution whe

1 repos

https://github.com/baktistr/cve-2025-59532-poc

_r_netsec@infosec.exchange at 2026-04-24T14:28:05.000Z ##

Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes https://blog.barrack.ai/pyodide-sandbox-escape-cohere-terrarium-openai-codex/

##

CVE-2026-34621
(9.7 CRITICAL)

EPSS: 7.60%

updated 2026-04-13T18:31:44

1 posts

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

5 repos

https://github.com/ercihan/CVE-2026-34621_PDF_SAMPLE

https://github.com/ercihan/CVE-2026-34621

https://github.com/eduardorossi84/CVE-2026-34621-POC

https://github.com/NULL200OK/cve_2026_34621_advanced

https://github.com/KeulenR01/Remediate-AdobeAcrobat-CVE-2026-34621

_r_netsec@infosec.exchange at 2026-04-23T18:28:05.000Z ##

CVE-2026-34621: Adobe Acrobat Reader zero-day was on VirusTotal for 136 days before Adobe named it a CVE https://nefariousplan.com/posts/adobe-acrobat-cve-2026-34621-detection-lie

##

CVE-2026-39987(CVSS UNKNOWN)

EPSS: 48.80%

updated 2026-04-09T19:06:18

2 posts

## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `/terminal/ws` lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., `/ws`) that correctly call `validate_auth()` for authentication, the `/terminal/ws` endpoint only checks the

https://github.com/mki9/CVE-2026-39987_exploit

7 repos

https://github.com/keraattin/CVE-2026-39987

https://github.com/0xBlackash/CVE-2026-39987

https://github.com/Nxploited/CVE-2026-39987

https://github.com/fevar54/marimo_CVE-2026-39987_RCE_PoC

https://github.com/Dhiaelhak-Rached/CVE-2026-39987-lab-or-marimo-cve-lab

https://github.com/h3raklez/CVE-2026-39987

secdb@infosec.exchange at 2026-04-23T20:00:16.000Z ##

🚨 [CISA-2026:0423] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0423)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-39987 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39987)
- Name: Marimo Remote Code Execution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Marimo
- Product: Marimo
- Notes: https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc ; https://nvd.nist.gov/vuln/detail/CVE-2026-39987

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260423 #cisa20260423 #cve_2026_39987 #cve202639987

##

cisakevtracker@mastodon.social at 2026-04-23T18:00:51.000Z ##

CVE ID: CVE-2026-39987
Vendor: Marimo
Product: Marimo
Date Added: 2026-04-23
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-39987

##

CVE-2026-27966
(9.8 CRITICAL)

EPSS: 0.23%

updated 2026-02-28T00:54:27.840000

1 posts

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool (`python_repl_ast`). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE)

1 repos

https://github.com/Anon-Cyber-Team/CVE-2026-27966--RCE-in-Langflow

metasploit@infosec.exchange at 2026-04-24T20:35:01.000Z ##

The latest Metasploit Weekly Wrapup is here! Highlights include a new RCE exploit for Langflow (CVE-2026-27966), improved check method visibility with detailed reasoning, and updates for legacy SMB targets. Plus 3 other new modules!

##

CVE-2026-25253
(8.8 HIGH)

EPSS: 0.09%

updated 2026-02-13T17:41:02.987000

2 posts

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

11 repos

https://github.com/msaleme/start-here

https://github.com/Cyber-Warrior-Network/trust-gate-mcp

https://github.com/adibirzu/openclaw-security-monitor

https://github.com/al4n4n/CVE-2026-25253-research

https://github.com/ethiack/moltbot-1click-rce

https://github.com/Ckokoski/moatbot-security

https://github.com/ZhaoymOvO/openclaw-1click-rce-env

https://github.com/Joseph19820124/openclaw-vuln-report

https://github.com/EQSTLab/CVE-2026-25253

https://github.com/FrigateCaptain/openclaw_vulnerabilities_and_solutions

https://github.com/KajzingerAkos/CVE-2026-25253

fediverse@weandthecolor.com at 2026-04-26T11:52:39.000Z ##

OpenClaw Hardware Requirements: Everything You Need to Run This AI Agent in 2026

This post contains affiliate links. We may earn a commission if you click on them and make a purchase. It’s at no extra cost to you and helps us run this site. Thanks for your support!

Regarding AI, it seems like everyone’s been talking about OpenClaw lately. The project exploded on GitHub before most people had even heard the name — passing 100,000 stars inside two months, spawning Reddit threads, Discord servers, and a wave of setup guides from developers who couldn’t stop talking about it. By the time the wider tech press noticed, a serious community had already formed around it. That kind of organic momentum is rare, and it usually means something real is happening.

What makes OpenClaw compelling isn’t a single feature. It’s the premise: a proactive, always-on AI assistant that runs entirely on your own hardware, connects to the messaging apps you already use, and never hands your data to someone else’s server. No subscriptions. No cloud lock-in. You own the whole stack. For a growing number of developers and technically curious people, that combination proved irresistible.

But here’s the catch: the official documentation lists “4GB RAM” as the minimum requirement. That figure is technically accurate and practically misleading. The real OpenClaw hardware requirements depend entirely on how you deploy it — and if you pick the wrong machine, your agent will stall, swap, and crash at the worst possible moment. This guide cuts through the vague specs and gives you the honest picture.

What Is OpenClaw, and Why Should You Care About It Right Now?

OpenClaw is a free, open-source AI agent framework that turns large language models into autonomous personal assistants running 24/7 on your own hardware. Austrian developer Peter Steinberger originally launched it in November 2025 under the name Clawdbot. After a brief naming detour through “Moltbot,” it became OpenClaw in January 2026. By February, Steinberger had joined OpenAI — and committed to keeping the project open-source under MIT license through a newly established non-profit foundation.

The latest stable release as of April 2026 is v2026.4.12. The project is actively maintained with regular releases, and a large community is building skills, integrations, and deployment guides daily.

[🖼 Adobe Creative Cloud All Apps]

What OpenClaw Actually Does

OpenClaw isn’t a chatbot. It doesn’t wait for you to open an app and type a question. Instead, it operates proactively through a heartbeat daemon and scheduled tasks. Think of it as a persistent operator living on your machine, not a reactive text box in a browser tab.

You interact with it through the messaging platforms you already use. The supported channel list includes WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Google Chat, Microsoft Teams, Matrix, IRC, LINE, and over a dozen more. You text your agent from your phone. It executes tasks on your hardware. Results come back through the same channel.

Its core capabilities include browser automation via Playwright, file management, scheduled tasks, API integrations, voice interaction on macOS and iOS, and a live Canvas workspace for visual agent output. A community-driven skill marketplace called ClawHub offers over 700 additional extensions. The skill system is modular — each skill is a Markdown file stored in your local workspace directory.

OpenClaw Is Model-Agnostic

You choose the AI brain. OpenClaw works with Anthropic Claude, OpenAI GPT-4o, Google Gemini, DeepSeek, and local models through Ollama or llama.cpp. It auto-switches to backup models if your primary choice becomes unavailable — which matters a great deal in production automation scenarios.

The Honest Truth About OpenClaw Hardware Requirements

The OpenClaw gateway process itself is a Node.js application. It proxies messages, manages sessions, and orchestrates tool calls. That core process is lightweight — it spends most of its time waiting for API responses rather than grinding through computation. But “can run” and “runs well” are fundamentally different states, and the gap between them grows wider as you add features.

What I call the Deployment Multiplier Effect is the single concept most guides skip over. Your resource usage doesn’t scale linearly with agents or tasks. It scales exponentially once you enable browser automation, local model inference, or multi-agent routing. A machine that handles one text-based agent comfortably will collapse under two browser-automated agents running concurrently.

Minimum OpenClaw System Requirements

These are the absolute floor values. OpenClaw will start and handle basic tasks at these specs, but you’ll hit limits quickly under sustained load.

CPU: 2 cores / 4 threads
RAM: 4GB
Storage: 10–20GB SSD (not HDD)
OS: macOS, Linux (Ubuntu 22.04+ recommended), or Windows via WSL2
Node.js: Version 22 or higher (not 18, not 20)
Network: Stable outbound HTTPS access

The 4GB RAM floor exists because the OpenClaw gateway process alone consumes 400–800MB at idle. Add Node.js runtime overhead, your operating system, and Docker if you use it — and a 2GB machine is already in trouble before you run a single task. Users who try 1GB VPS instances report out-of-memory kills during Docker builds and chronic swapping during normal operation.

The Node.js version requirement deserves emphasis. OpenClaw absolutely requires Node.js 22 or higher. Running it on Node 18 or 20 produces cryptic errors about import statements and missing modules. Install Node 22 via Homebrew on macOS, NVM on Linux, or the official installer on Windows before anything else.

Recommended OpenClaw Hardware for Single-Agent Deployments

For one agent doing text-based tasks through Telegram, Slack, or WhatsApp — with no browser automation and no local LLMs — these specs ensure consistent, comfortable performance:

CPU: 6–8 threads (Intel i5 / AMD Ryzen 5 or equivalent)
RAM: 8–16GB
Storage: 20–50GB NVMe SSD
Network: 2.5GbE recommended for API-heavy workflows

NVMe drives reduce model load times by approximately 40% compared to SATA SSDs. That difference is noticeable in daily use, especially when OpenClaw loads skills, writes logs, and manages session persistence simultaneously.

OpenClaw Hardware Requirements by Deployment Scenario

The right hardware depends on what you’re actually running. Let me walk through five distinct deployment tiers using a framework I call the Agent Footprint Stack — a way of thinking about resource allocation as a layered budget rather than a flat spec sheet.

Tier 1 — Lightweight Gateway (Personal Use, Cloud APIs Only)

This is the bread-and-butter OpenClaw setup. One agent, text-based tasks, no browser, no local models. The gateway runs, routes your messages, calls Claude or GPT-4o, and returns results.

RAM needed: 4–8GB
CPU: 4 threads minimum
Storage: 20GB SSD
Best hardware pick: Raspberry Pi 5 (8GB) — approximately $80 — handles this workload well if you’re disciplined about resource allocation
Cloud alternative: DigitalOcean $12/month droplet (2 vCPUs, 2GB RAM) works for minimal setups; upgrade to the $24/month tier (4GB RAM) for comfortable headroom

The Pi 5 excels at orchestrating cloud API calls. You’re not running local inference here, so compute requirements stay low. The tradeoff is latency on complex multi-tool sequences — expect occasional slowdowns during tasks that combine web search, file operations, and API calls in rapid succession.

Tier 2 — Browser Automation Enabled

Browser automation is one of OpenClaw’s strongest features. It is also the single biggest hardware multiplier in the entire stack. Each Playwright browser instance consumes 200–400MB of RAM and generates significant CPU load during page rendering.

RAM needed: 8–16GB (the jump from 4GB is not optional here)
CPU: 8 threads minimum
Storage: 30–50GB NVMe
Best hardware pick: GEEKOM A5 2025 (AMD Ryzen 5 7430U, 32GB RAM) — approximately $545

A 4GB machine running the gateway (400–800MB) plus one browser instance (200–400MB) plus OS and Docker overhead is already at 70–80% memory utilization before any tasks begin. Two concurrent browser instances on 4GB cause swapping, which kills response times and can crash the container mid-task.

Tier 3 — Multi-Agent Deployment

Running two or more OpenClaw agents on the same server means each agent runs its own gateway process with separate configuration, memory, and session state. Budget 2–3GB of RAM per agent for comfortable headroom.

RAM needed: 16–32GB
CPU: 12+ threads
Storage: 50–100GB NVMe
Best hardware pick: Mac Mini M4 (16GB base model, approximately $599) — developers report running 8 simultaneous OpenClaw agents with zero thermal throttling thanks to the unified memory architecture
Alternative: Mini PCs from ASUS NUC, Beelink, or Minisforum lines at $400–700; prioritize models with replaceable RAM and dual NVMe slots

Two agents on a 4GB VPS will run, but both degrade under concurrent load. Three agents on 4GB don’t work. The gateway processes compete for memory, and the first one to get killed takes down its entire workflow mid-execution. For cloud hosting, DigitalOcean’s 8GB droplet at $24/month or a Hetzner CX43 at approximately $14/month handles two agents reliably.

Tier 4 — Local Model Inference (Ollama Integration)

This is where OpenClaw hardware requirements make a genuine leap. Running a local LLM through Ollama eliminates API costs and keeps all inference on-device — but it demands a completely different class of hardware.

An 8-billion-parameter model like Llama 3 8B, quantized to 4-bit precision, requires approximately 6GB of RAM just to load the model weights. Your operating system needs 4GB on top of that. Add OpenClaw’s context window management, and 16GB of RAM is the absolute floor for local inference. In practice, 32GB is the realistic baseline for responsive agent execution.

RAM needed: 32–64GB
CPU: NPU or GPU strongly preferred
Storage: 100GB+ NVMe (model files are large)
Best hardware pick for 7B–13B models: ACEMAGIC F5A (AMD Ryzen AI 9 HX 370, 50 TOPS dedicated NPU) — approximately $650; the NPU handles LLM inference independently, keeping primary CPU cores free for other tasks
Best hardware pick for 70B+ models: ACEMAGIC M1A PRO+ (AMD Ryzen AI MAX+ 395, 128GB LPDDR5x, 126 TOPS total) — designed explicitly for heavy multi-agent and large-model workloads

Standard CPUs can run LLM inference, but forcing matrix multiplication through general-purpose cores spikes power consumption above 65 watts and generates significant heat. Neural Processing Units handle the same workload at a fraction of the energy draw — which matters enormously for 24/7 always-on deployments.

Tier 5 — Enterprise and Production Deployment

For teams running OpenClaw as business-critical infrastructure — customer message routing, automated reporting, time-sensitive CRM updates — the hardware calculus shifts entirely toward reliability and uptime over raw cost efficiency.

RAM: 32–128GB
CPU: 16+ threads or dedicated server hardware
Storage: RAID-backed NVMe or enterprise SSD
Network: Dedicated IP, monitored uptime
Container orchestration: Docker with PM2 process management, or Kubernetes for multi-gateway scaling

Consumer laptops are built for burst performance. Running an AI agent at 100% computational load for 72 hours straight on a laptop will cause thermal throttling — CPU cores dropping from 4.5GHz to 2.1GHz as heat builds. Dedicated hardware with active cooling isn’t about peak performance. It’s about consistency.

Supported Operating Systems and Architecture

OpenClaw supports three primary operating environments. macOS and Linux run the gateway natively. Windows requires WSL2 (Ubuntu is recommended inside WSL2). For server deployments, Linux is the most predictable and well-documented option.

On the architecture side, OpenClaw auto-detects your CPU architecture. Both x86_64 and ARM64 are fully supported. Apple Silicon (M1 through M4) receives native support via the macOS menu bar app or CLI. AWS Graviton 2, 3, and 4 instances are fully supported and often deliver better price-to-performance ratios than x86 equivalents for cloud deployments. The Raspberry Pi 5 on ARM64 works well for the lightweight Tier 1 scenario described above.

Memory Architecture: Understanding the OpenClaw RAM Budget

Here’s a framework I find genuinely useful when planning OpenClaw deployments — the RAM Budget Formula. Add up these components to calculate your actual memory requirement before you buy hardware:

Base gateway process: ~300MB
Per active messaging channel: ~100MB each
Per WebSocket client: ~10MB each
Per sandbox container: 256MB–1GB each
Browser instance (if enabled): 500MB–2GB
Local LLM weights (if running locally): varies by model size
Overhead buffer: add 20% to your total

Sum those numbers for your specific configuration, add 20%, and that’s your real RAM floor — not the 4GB figure in the README. This formula also explains why storage matters beyond just holding files. OpenClaw generates more disk writes than you might expect. Log accumulation, session files, memory persistence data, and Node.js module cache collectively consume significant space over time. The 20GB storage recommendation is double the minimum precisely to accommodate this growth.

How to Install OpenClaw Locally

The installation process is straightforward if you follow the correct sequence. These are the verified steps for a local deployment on Linux or macOS.

Step 1 — Verify Your Node.js Version

Before anything else, confirm you’re running Node.js 22 or higher. Run node --version in your terminal. If the output shows v18 or v20, install v22 via NVM on Linux (nvm install 22) or Homebrew on macOS (brew install node@22). An incorrect Node version is the most common cause of installation failures.

Step 2 — Clone the Repository

OpenClaw’s official repository lives at github.com/openclaw/openclaw. Clone it with git clone https://github.com/openclaw/openclaw.git, then navigate into the directory with cd openclaw.

Step 3 — Install Dependencies

The project prefers pnpm for package management. Run pnpm install to pull all dependencies. Installation typically takes 2–3 minutes, depending on your connection speed.

Step 4 — Run the Onboarding Setup

Run pnpm openclaw setup for first-time configuration. This writes the local config and workspace structure. Alternatively, run openclaw onboard in your terminal — the onboarding wizard guides you step-by-step through gateway setup, channel configuration, and skill installation. It’s the recommended path for new users.

Step 5 — Run the Diagnostics

Always run openclaw doctor after installation. This command surfaces misconfigured settings, missing dependencies, and risky DM policy configurations before they cause silent failures. Fixing issues at this stage saves hours of debugging later.

Step 6 — Start the Gateway

Start the gateway with pnpm gateway:watch for development (auto-reloads on changes) or configure it as a daemon using PM2 for always-on production deployment. PM2 ensures the gateway automatically restarts after crashes or system reboots.

Step 7 — Connect Your First Channel

Connect a messaging channel through the dashboard or CLI. For Telegram, create a bot through @BotFather, copy the token, and pair it through the OpenClaw interface. Once connected, you can interact with your agent from any device where you use that platform.

Advantages and Disadvantages of OpenClaw

The Case For OpenClaw

The privacy argument is the strongest one. Your data, sessions, and credentials never leave your hardware. For anyone handling sensitive personal or professional information, that’s not a feature — it’s a requirement. Local-first deployment also eliminates recurring API gateway costs over time.

The multi-channel approach is genuinely elegant. Most AI tools force you into their interface. OpenClaw meets you where you already are — your existing messaging apps. That reduces friction to nearly zero for daily use.

The model-agnostic design future-proofs your setup. When a better model launches, you switch providers in your config file. You’re not locked into one company’s product roadmap.

The extensibility through ClawHub skills and the open-source nature mean the community continuously expands what OpenClaw can do. Over 700 skills are available, and building custom skills in Markdown is accessible even for non-developers.

The Honest Downsides

OpenClaw is what I’d call a Sharp Knife Tool — powerful and precise, but unforgiving of mistakes. It requires comfortable familiarity with the command line, JSON configuration files, and basic server management concepts. If you’ve never used a terminal, this is not where you start.

Security demands active management. The critical CVE-2026-25253 Remote Code Execution vulnerability exposed unpatched deployments in early 2026. Always run openclaw update --force followed by openclaw security audit to verify your installation is patched and hardened. Skill permissions deserve scrutiny — a skill requesting shell execution access outside your workspace is a red flag worth taking seriously.

Hardware costs are real. A capable, always-on mini PC costs $400–700. That’s a one-time cost that pays back against subscription services over time, but the upfront investment is higher than cloud alternatives.

Foundation governance is still evolving. The non-profit foundation Steinberger announced has not yet published full governance documents as of April 2026. For teams evaluating long-term enterprise use, that’s a legitimate uncertainty to factor in.

OpenClaw Hardware Recommendations: Buying Guide by Budget

Let me translate all of this into concrete purchase recommendations organized by budget and use case. These reflect actual performance data from the community and hardware specifications verified as of April 2026.

Under $250 — Learning and Testing Only

The Intel N100 Mini PC (approximately $150–250) works as an entry point for learning the OpenClaw CLI, testing workflows, and API integration testing. Four efficient cores at 3.4GHz, 16GB RAM, and a 512GB SSD handle single-agent, cloud-API-only setups at low power draw. Don’t use this for browser automation or local inference.

The Raspberry Pi 5 (8GB) at approximately $80 is viable for Tier 1 personal use with strict resource discipline. Great for experimenting with the framework before committing to dedicated hardware.

$300–$500 — Single Agent, Serious Use

The Beelink MINI S13 (approximately $300–400, Intel i5-1235U, 12 threads, 16GB RAM, 500GB NVMe) handles single-agent deployments with cloud APIs reliably. A solid everyday choice if you don’t need local inference.

The GMKtec G3 Plus (approximately $300–400, 12 threads, 16GB RAM, 512GB NVMe) offers an upgrade path for light multi-agent testing. Good value for the price if you plan to grow into the platform gradually.

$480–$680 — Production-Grade Single or Multi-Agent

The GEEKOM A5 2025 (AMD Ryzen 5 7430U) is the community’s most recommended all-around choice. At 16GB RAM for approximately $480–580, it handles single-agent plus browser automation. Furthermore, at 32GB for approximately $545, it’s the go-to for 2–3 concurrent agents. And at 64GB for approximately $680, it offers maximum future-proofing for local model experimentation.

The Mac Mini M4 (16GB, approximately $599) deserves special consideration. Its unified memory architecture eliminates CPU-GPU memory transfer bottlenecks. Developers consistently report running 8 simultaneous OpenClaw agents with zero thermal throttling. If you’re already in the Apple ecosystem, this is the clear recommendation.

$650+ — Local Inference and Heavy Workloads

The ACEMAGIC F5A (AMD Ryzen AI 9 HX 370, 50 TOPS dedicated NPU, approximately $650) is purpose-built for always-on local model inference. The NPU handles LLM computation independently, keeping primary CPU cores available for other tasks. The OCuLink port enables connection to external desktop GPUs without Thunderbolt bandwidth limitations — useful if you plan to train models later.

For teams running 70B+ parameter models or deploying multiple concurrent inference instances, the ACEMAGIC M1A PRO+ (AMD Ryzen AI MAX+ 395, 128GB LPDDR5x, approximately $1,200+) provides workstation-grade memory bandwidth. Unified 128GB memory allows loading 70B parameter models entirely into RAM with zero swapping.

Security Hardening: Running OpenClaw Safely

A few non-negotiable security practices should accompany every OpenClaw deployment. These are not optional considerations — they’re the difference between a useful tool and a liability.

Run the gateway under a dedicated OS user account with no access to your personal home directory. If using Docker, mount only specific folders the agent needs — read-only mounts for sensitive documents prevent deletion while still allowing the agent to learn from them. Whitelist only your own Telegram or messaging platform user ID in the config file. Use a dedicated API key with a hard daily spending limit of $5–$10.

Approach ClawHub skill installation with the same diligence you’d apply to installing npm packages in production. Review requested permissions before installing. A weather skill requesting shell execution access is a significant red flag. The OpenClaw Foundation runs automated security scans on ClawHub submissions, but community-published skills carry inherent third-party risk.

The Future of OpenClaw Hardware: An Editorial Perspective

Something interesting is happening in the mini PC market right now. Hardware manufacturers are starting to design explicitly for AI agent hosting — not gaming, not general productivity, but always-on inference. The AMD Ryzen AI NPU line, NVIDIA’s NemoClaw reference stack for DGX Spark, and Apple Silicon’s unified memory architecture all point in the same direction: dedicated, efficient, local compute for autonomous agents.

The trend I’m watching closely is what the community calls “Mobile Nodes” and “Edge AI” — deploying OpenClaw not on a desktop mini PC but on compact ARM devices optimized for battery-backed, always-on operation. As LLM quantization techniques improve, 7B models will become genuinely viable on $200 hardware. That changes the access equation entirely.

My honest opinion: if you value data sovereignty and want to automate meaningful parts of your digital life, OpenClaw is the most capable self-hosted option available in April 2026. But it’s not for everyone. It rewards people who enjoy understanding how their tools work. If you want something that just works out of the box with zero configuration, this isn’t your tool. If you want control, transparency, and the ability to run a genuinely intelligent agent without sending your data to someone else’s server, OpenClaw is worth every hour of setup time.

Frequently Asked Questions About OpenClaw Hardware Requirements

What is the absolute minimum hardware to run OpenClaw?

OpenClaw requires a minimum of 2 CPU cores, 4GB RAM, and 10GB of SSD storage. You also need Node.js version 22 or higher. These specs support basic single-agent text operations only. They don’t leave sufficient headroom for browser automation, local LLMs, or sustained multi-task workflows.

Can I run OpenClaw on a Raspberry Pi?

Yes. The Raspberry Pi 5 with 8GB RAM handles Tier 1 deployments — single agent, cloud API calls only, no browser automation. ARM64 architecture is fully supported. Add a 2GB swap file for additional stability on lower-RAM Pi configurations.

Does OpenClaw work on Windows?

Yes, but only through WSL2 (Windows Subsystem for Linux). Ubuntu is the recommended WSL2 distribution. Configure WSL2 memory allocation via the .wslconfig file in your user profile directory. Native Windows execution is not supported.

How much RAM do I need to run a local LLM with OpenClaw?

16GB is the absolute minimum for running an 8B parameter model quantized to 4-bit precision. 32GB is the realistic baseline for responsive performance. A 70B parameter model requires 64–128GB of RAM to run without swapping.

What is the best mini PC for OpenClaw in 2026?

For most users, the GEEKOM A5 2025 with 32GB RAM (approximately $545) offers the best balance of capability, cost, and upgrade path. For Apple ecosystem users, the Mac Mini M4 with 16GB RAM (approximately $599) provides exceptional multi-agent performance. And for local inference workloads, the ACEMAGIC F5A with its dedicated NPU handles continuous AI computation most efficiently.

Can I run OpenClaw on a VPS without dedicated hardware?

Yes. A DigitalOcean $24/month droplet (4GB RAM) or a Hetzner CX43 ($13–14/month) handles two agents reliably. For four or more agents, move to 16GB instances or split across multiple servers. Be aware that monthly VPS costs often exceed the one-time cost of a dedicated mini PC over 12–18 months.

What is the recommended Node.js version for OpenClaw?

Node.js 22 or higher is required. Earlier versions, including Node 18 LTS and Node 20, cause installation failures and runtime errors. Always install Node 22 before attempting to install OpenClaw.

How do I verify my OpenClaw installation is configured correctly?

Run OpenCLAW Doctor immediately after installation. This command surfaces misconfigured settings, missing dependencies, and security policy issues. Run it again after any major update to confirm the installation remains healthy.

What storage type does OpenClaw require?

SSD is essential — HDD storage creates I/O bottlenecks during model loading, log writing, and session persistence. NVMe SSDs reduce model load times by approximately 40% compared to SATA SSDs. Plan for at least 20–50GB of dedicated storage, more if you enable verbose logging or run multiple agents simultaneously.

Is OpenClaw free to use?

Yes. OpenClaw is fully open-source under the MIT license. The framework itself is free. You’ll pay for the AI model API calls (typically $0.50–$2.00 per 100 tasks using Claude Sonnet) and any hardware or VPS hosting costs you choose to incur. Running local models through Ollama eliminates ongoing API costs entirely.

Check out other popular AI topics here at WE AND THE COLOR.

#ai #free #hardware #openSource #OpenClaw ##

fediverse@weandthecolor.com at 2026-04-26T11:52:39.000Z ##

OpenClaw Hardware Requirements: Everything You Need to Run This AI Agent in 2026

This post contains affiliate links. We may earn a commission if you click on them and make a purchase. It’s at no extra cost to you and helps us run this site. Thanks for your support!

Regarding AI, it seems like everyone’s been talking about OpenClaw lately. The project exploded on GitHub before most people had even heard the name — passing 100,000 stars inside two months, spawning Reddit threads, Discord servers, and a wave of setup guides from developers who couldn’t stop talking about it. By the time the wider tech press noticed, a serious community had already formed around it. That kind of organic momentum is rare, and it usually means something real is happening.

What makes OpenClaw compelling isn’t a single feature. It’s the premise: a proactive, always-on AI assistant that runs entirely on your own hardware, connects to the messaging apps you already use, and never hands your data to someone else’s server. No subscriptions. No cloud lock-in. You own the whole stack. For a growing number of developers and technically curious people, that combination proved irresistible.

But here’s the catch: the official documentation lists “4GB RAM” as the minimum requirement. That figure is technically accurate and practically misleading. The real OpenClaw hardware requirements depend entirely on how you deploy it — and if you pick the wrong machine, your agent will stall, swap, and crash at the worst possible moment. This guide cuts through the vague specs and gives you the honest picture.

What Is OpenClaw, and Why Should You Care About It Right Now?

OpenClaw is a free, open-source AI agent framework that turns large language models into autonomous personal assistants running 24/7 on your own hardware. Austrian developer Peter Steinberger originally launched it in November 2025 under the name Clawdbot. After a brief naming detour through “Moltbot,” it became OpenClaw in January 2026. By February, Steinberger had joined OpenAI — and committed to keeping the project open-source under MIT license through a newly established non-profit foundation.

The latest stable release as of April 2026 is v2026.4.12. The project is actively maintained with regular releases, and a large community is building skills, integrations, and deployment guides daily.

[🖼 Adobe Creative Cloud All Apps]

What OpenClaw Actually Does

OpenClaw isn’t a chatbot. It doesn’t wait for you to open an app and type a question. Instead, it operates proactively through a heartbeat daemon and scheduled tasks. Think of it as a persistent operator living on your machine, not a reactive text box in a browser tab.

You interact with it through the messaging platforms you already use. The supported channel list includes WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Google Chat, Microsoft Teams, Matrix, IRC, LINE, and over a dozen more. You text your agent from your phone. It executes tasks on your hardware. Results come back through the same channel.

Its core capabilities include browser automation via Playwright, file management, scheduled tasks, API integrations, voice interaction on macOS and iOS, and a live Canvas workspace for visual agent output. A community-driven skill marketplace called ClawHub offers over 700 additional extensions. The skill system is modular — each skill is a Markdown file stored in your local workspace directory.

OpenClaw Is Model-Agnostic

You choose the AI brain. OpenClaw works with Anthropic Claude, OpenAI GPT-4o, Google Gemini, DeepSeek, and local models through Ollama or llama.cpp. It auto-switches to backup models if your primary choice becomes unavailable — which matters a great deal in production automation scenarios.

The Honest Truth About OpenClaw Hardware Requirements

The OpenClaw gateway process itself is a Node.js application. It proxies messages, manages sessions, and orchestrates tool calls. That core process is lightweight — it spends most of its time waiting for API responses rather than grinding through computation. But “can run” and “runs well” are fundamentally different states, and the gap between them grows wider as you add features.

What I call the Deployment Multiplier Effect is the single concept most guides skip over. Your resource usage doesn’t scale linearly with agents or tasks. It scales exponentially once you enable browser automation, local model inference, or multi-agent routing. A machine that handles one text-based agent comfortably will collapse under two browser-automated agents running concurrently.

Minimum OpenClaw System Requirements

These are the absolute floor values. OpenClaw will start and handle basic tasks at these specs, but you’ll hit limits quickly under sustained load.

CPU: 2 cores / 4 threads
RAM: 4GB
Storage: 10–20GB SSD (not HDD)
OS: macOS, Linux (Ubuntu 22.04+ recommended), or Windows via WSL2
Node.js: Version 22 or higher (not 18, not 20)
Network: Stable outbound HTTPS access

The 4GB RAM floor exists because the OpenClaw gateway process alone consumes 400–800MB at idle. Add Node.js runtime overhead, your operating system, and Docker if you use it — and a 2GB machine is already in trouble before you run a single task. Users who try 1GB VPS instances report out-of-memory kills during Docker builds and chronic swapping during normal operation.

The Node.js version requirement deserves emphasis. OpenClaw absolutely requires Node.js 22 or higher. Running it on Node 18 or 20 produces cryptic errors about import statements and missing modules. Install Node 22 via Homebrew on macOS, NVM on Linux, or the official installer on Windows before anything else.

Recommended OpenClaw Hardware for Single-Agent Deployments

For one agent doing text-based tasks through Telegram, Slack, or WhatsApp — with no browser automation and no local LLMs — these specs ensure consistent, comfortable performance:

CPU: 6–8 threads (Intel i5 / AMD Ryzen 5 or equivalent)
RAM: 8–16GB
Storage: 20–50GB NVMe SSD
Network: 2.5GbE recommended for API-heavy workflows

NVMe drives reduce model load times by approximately 40% compared to SATA SSDs. That difference is noticeable in daily use, especially when OpenClaw loads skills, writes logs, and manages session persistence simultaneously.

OpenClaw Hardware Requirements by Deployment Scenario

The right hardware depends on what you’re actually running. Let me walk through five distinct deployment tiers using a framework I call the Agent Footprint Stack — a way of thinking about resource allocation as a layered budget rather than a flat spec sheet.

Tier 1 — Lightweight Gateway (Personal Use, Cloud APIs Only)

This is the bread-and-butter OpenClaw setup. One agent, text-based tasks, no browser, no local models. The gateway runs, routes your messages, calls Claude or GPT-4o, and returns results.

RAM needed: 4–8GB
CPU: 4 threads minimum
Storage: 20GB SSD
Best hardware pick: Raspberry Pi 5 (8GB) — approximately $80 — handles this workload well if you’re disciplined about resource allocation
Cloud alternative: DigitalOcean $12/month droplet (2 vCPUs, 2GB RAM) works for minimal setups; upgrade to the $24/month tier (4GB RAM) for comfortable headroom

The Pi 5 excels at orchestrating cloud API calls. You’re not running local inference here, so compute requirements stay low. The tradeoff is latency on complex multi-tool sequences — expect occasional slowdowns during tasks that combine web search, file operations, and API calls in rapid succession.

Tier 2 — Browser Automation Enabled

Browser automation is one of OpenClaw’s strongest features. It is also the single biggest hardware multiplier in the entire stack. Each Playwright browser instance consumes 200–400MB of RAM and generates significant CPU load during page rendering.

RAM needed: 8–16GB (the jump from 4GB is not optional here)
CPU: 8 threads minimum
Storage: 30–50GB NVMe
Best hardware pick: GEEKOM A5 2025 (AMD Ryzen 5 7430U, 32GB RAM) — approximately $545

A 4GB machine running the gateway (400–800MB) plus one browser instance (200–400MB) plus OS and Docker overhead is already at 70–80% memory utilization before any tasks begin. Two concurrent browser instances on 4GB cause swapping, which kills response times and can crash the container mid-task.

Tier 3 — Multi-Agent Deployment

Running two or more OpenClaw agents on the same server means each agent runs its own gateway process with separate configuration, memory, and session state. Budget 2–3GB of RAM per agent for comfortable headroom.

RAM needed: 16–32GB
CPU: 12+ threads
Storage: 50–100GB NVMe
Best hardware pick: Mac Mini M4 (16GB base model, approximately $599) — developers report running 8 simultaneous OpenClaw agents with zero thermal throttling thanks to the unified memory architecture
Alternative: Mini PCs from ASUS NUC, Beelink, or Minisforum lines at $400–700; prioritize models with replaceable RAM and dual NVMe slots

Two agents on a 4GB VPS will run, but both degrade under concurrent load. Three agents on 4GB don’t work. The gateway processes compete for memory, and the first one to get killed takes down its entire workflow mid-execution. For cloud hosting, DigitalOcean’s 8GB droplet at $24/month or a Hetzner CX43 at approximately $14/month handles two agents reliably.

Tier 4 — Local Model Inference (Ollama Integration)

This is where OpenClaw hardware requirements make a genuine leap. Running a local LLM through Ollama eliminates API costs and keeps all inference on-device — but it demands a completely different class of hardware.

An 8-billion-parameter model like Llama 3 8B, quantized to 4-bit precision, requires approximately 6GB of RAM just to load the model weights. Your operating system needs 4GB on top of that. Add OpenClaw’s context window management, and 16GB of RAM is the absolute floor for local inference. In practice, 32GB is the realistic baseline for responsive agent execution.

RAM needed: 32–64GB
CPU: NPU or GPU strongly preferred
Storage: 100GB+ NVMe (model files are large)
Best hardware pick for 7B–13B models: ACEMAGIC F5A (AMD Ryzen AI 9 HX 370, 50 TOPS dedicated NPU) — approximately $650; the NPU handles LLM inference independently, keeping primary CPU cores free for other tasks
Best hardware pick for 70B+ models: ACEMAGIC M1A PRO+ (AMD Ryzen AI MAX+ 395, 128GB LPDDR5x, 126 TOPS total) — designed explicitly for heavy multi-agent and large-model workloads

Standard CPUs can run LLM inference, but forcing matrix multiplication through general-purpose cores spikes power consumption above 65 watts and generates significant heat. Neural Processing Units handle the same workload at a fraction of the energy draw — which matters enormously for 24/7 always-on deployments.

Tier 5 — Enterprise and Production Deployment

For teams running OpenClaw as business-critical infrastructure — customer message routing, automated reporting, time-sensitive CRM updates — the hardware calculus shifts entirely toward reliability and uptime over raw cost efficiency.

RAM: 32–128GB
CPU: 16+ threads or dedicated server hardware
Storage: RAID-backed NVMe or enterprise SSD
Network: Dedicated IP, monitored uptime
Container orchestration: Docker with PM2 process management, or Kubernetes for multi-gateway scaling

Consumer laptops are built for burst performance. Running an AI agent at 100% computational load for 72 hours straight on a laptop will cause thermal throttling — CPU cores dropping from 4.5GHz to 2.1GHz as heat builds. Dedicated hardware with active cooling isn’t about peak performance. It’s about consistency.

Supported Operating Systems and Architecture

OpenClaw supports three primary operating environments. macOS and Linux run the gateway natively. Windows requires WSL2 (Ubuntu is recommended inside WSL2). For server deployments, Linux is the most predictable and well-documented option.

On the architecture side, OpenClaw auto-detects your CPU architecture. Both x86_64 and ARM64 are fully supported. Apple Silicon (M1 through M4) receives native support via the macOS menu bar app or CLI. AWS Graviton 2, 3, and 4 instances are fully supported and often deliver better price-to-performance ratios than x86 equivalents for cloud deployments. The Raspberry Pi 5 on ARM64 works well for the lightweight Tier 1 scenario described above.

Memory Architecture: Understanding the OpenClaw RAM Budget

Here’s a framework I find genuinely useful when planning OpenClaw deployments — the RAM Budget Formula. Add up these components to calculate your actual memory requirement before you buy hardware:

Base gateway process: ~300MB
Per active messaging channel: ~100MB each
Per WebSocket client: ~10MB each
Per sandbox container: 256MB–1GB each
Browser instance (if enabled): 500MB–2GB
Local LLM weights (if running locally): varies by model size
Overhead buffer: add 20% to your total

Sum those numbers for your specific configuration, add 20%, and that’s your real RAM floor — not the 4GB figure in the README. This formula also explains why storage matters beyond just holding files. OpenClaw generates more disk writes than you might expect. Log accumulation, session files, memory persistence data, and Node.js module cache collectively consume significant space over time. The 20GB storage recommendation is double the minimum precisely to accommodate this growth.

How to Install OpenClaw Locally

The installation process is straightforward if you follow the correct sequence. These are the verified steps for a local deployment on Linux or macOS.

Step 1 — Verify Your Node.js Version

Before anything else, confirm you’re running Node.js 22 or higher. Run node --version in your terminal. If the output shows v18 or v20, install v22 via NVM on Linux (nvm install 22) or Homebrew on macOS (brew install node@22). An incorrect Node version is the most common cause of installation failures.

Step 2 — Clone the Repository

OpenClaw’s official repository lives at github.com/openclaw/openclaw. Clone it with git clone https://github.com/openclaw/openclaw.git, then navigate into the directory with cd openclaw.

Step 3 — Install Dependencies

The project prefers pnpm for package management. Run pnpm install to pull all dependencies. Installation typically takes 2–3 minutes, depending on your connection speed.

Step 4 — Run the Onboarding Setup

Run pnpm openclaw setup for first-time configuration. This writes the local config and workspace structure. Alternatively, run openclaw onboard in your terminal — the onboarding wizard guides you step-by-step through gateway setup, channel configuration, and skill installation. It’s the recommended path for new users.

Step 5 — Run the Diagnostics

Always run openclaw doctor after installation. This command surfaces misconfigured settings, missing dependencies, and risky DM policy configurations before they cause silent failures. Fixing issues at this stage saves hours of debugging later.

Step 6 — Start the Gateway

Start the gateway with pnpm gateway:watch for development (auto-reloads on changes) or configure it as a daemon using PM2 for always-on production deployment. PM2 ensures the gateway automatically restarts after crashes or system reboots.

Step 7 — Connect Your First Channel

Connect a messaging channel through the dashboard or CLI. For Telegram, create a bot through @BotFather, copy the token, and pair it through the OpenClaw interface. Once connected, you can interact with your agent from any device where you use that platform.

Advantages and Disadvantages of OpenClaw

The Case For OpenClaw

The privacy argument is the strongest one. Your data, sessions, and credentials never leave your hardware. For anyone handling sensitive personal or professional information, that’s not a feature — it’s a requirement. Local-first deployment also eliminates recurring API gateway costs over time.

The multi-channel approach is genuinely elegant. Most AI tools force you into their interface. OpenClaw meets you where you already are — your existing messaging apps. That reduces friction to nearly zero for daily use.

The model-agnostic design future-proofs your setup. When a better model launches, you switch providers in your config file. You’re not locked into one company’s product roadmap.

The extensibility through ClawHub skills and the open-source nature mean the community continuously expands what OpenClaw can do. Over 700 skills are available, and building custom skills in Markdown is accessible even for non-developers.

The Honest Downsides

OpenClaw is what I’d call a Sharp Knife Tool — powerful and precise, but unforgiving of mistakes. It requires comfortable familiarity with the command line, JSON configuration files, and basic server management concepts. If you’ve never used a terminal, this is not where you start.

Security demands active management. The critical CVE-2026-25253 Remote Code Execution vulnerability exposed unpatched deployments in early 2026. Always run openclaw update --force followed by openclaw security audit to verify your installation is patched and hardened. Skill permissions deserve scrutiny — a skill requesting shell execution access outside your workspace is a red flag worth taking seriously.

Hardware costs are real. A capable, always-on mini PC costs $400–700. That’s a one-time cost that pays back against subscription services over time, but the upfront investment is higher than cloud alternatives.

Foundation governance is still evolving. The non-profit foundation Steinberger announced has not yet published full governance documents as of April 2026. For teams evaluating long-term enterprise use, that’s a legitimate uncertainty to factor in.

OpenClaw Hardware Recommendations: Buying Guide by Budget

Let me translate all of this into concrete purchase recommendations organized by budget and use case. These reflect actual performance data from the community and hardware specifications verified as of April 2026.

Under $250 — Learning and Testing Only

The Intel N100 Mini PC (approximately $150–250) works as an entry point for learning the OpenClaw CLI, testing workflows, and API integration testing. Four efficient cores at 3.4GHz, 16GB RAM, and a 512GB SSD handle single-agent, cloud-API-only setups at low power draw. Don’t use this for browser automation or local inference.

The Raspberry Pi 5 (8GB) at approximately $80 is viable for Tier 1 personal use with strict resource discipline. Great for experimenting with the framework before committing to dedicated hardware.

$300–$500 — Single Agent, Serious Use

The Beelink MINI S13 (approximately $300–400, Intel i5-1235U, 12 threads, 16GB RAM, 500GB NVMe) handles single-agent deployments with cloud APIs reliably. A solid everyday choice if you don’t need local inference.

The GMKtec G3 Plus (approximately $300–400, 12 threads, 16GB RAM, 512GB NVMe) offers an upgrade path for light multi-agent testing. Good value for the price if you plan to grow into the platform gradually.

$480–$680 — Production-Grade Single or Multi-Agent

The GEEKOM A5 2025 (AMD Ryzen 5 7430U) is the community’s most recommended all-around choice. At 16GB RAM for approximately $480–580, it handles single-agent plus browser automation. Furthermore, at 32GB for approximately $545, it’s the go-to for 2–3 concurrent agents. And at 64GB for approximately $680, it offers maximum future-proofing for local model experimentation.

The Mac Mini M4 (16GB, approximately $599) deserves special consideration. Its unified memory architecture eliminates CPU-GPU memory transfer bottlenecks. Developers consistently report running 8 simultaneous OpenClaw agents with zero thermal throttling. If you’re already in the Apple ecosystem, this is the clear recommendation.

$650+ — Local Inference and Heavy Workloads

The ACEMAGIC F5A (AMD Ryzen AI 9 HX 370, 50 TOPS dedicated NPU, approximately $650) is purpose-built for always-on local model inference. The NPU handles LLM computation independently, keeping primary CPU cores available for other tasks. The OCuLink port enables connection to external desktop GPUs without Thunderbolt bandwidth limitations — useful if you plan to train models later.

For teams running 70B+ parameter models or deploying multiple concurrent inference instances, the ACEMAGIC M1A PRO+ (AMD Ryzen AI MAX+ 395, 128GB LPDDR5x, approximately $1,200+) provides workstation-grade memory bandwidth. Unified 128GB memory allows loading 70B parameter models entirely into RAM with zero swapping.

Security Hardening: Running OpenClaw Safely

A few non-negotiable security practices should accompany every OpenClaw deployment. These are not optional considerations — they’re the difference between a useful tool and a liability.

Run the gateway under a dedicated OS user account with no access to your personal home directory. If using Docker, mount only specific folders the agent needs — read-only mounts for sensitive documents prevent deletion while still allowing the agent to learn from them. Whitelist only your own Telegram or messaging platform user ID in the config file. Use a dedicated API key with a hard daily spending limit of $5–$10.

Approach ClawHub skill installation with the same diligence you’d apply to installing npm packages in production. Review requested permissions before installing. A weather skill requesting shell execution access is a significant red flag. The OpenClaw Foundation runs automated security scans on ClawHub submissions, but community-published skills carry inherent third-party risk.

The Future of OpenClaw Hardware: An Editorial Perspective

Something interesting is happening in the mini PC market right now. Hardware manufacturers are starting to design explicitly for AI agent hosting — not gaming, not general productivity, but always-on inference. The AMD Ryzen AI NPU line, NVIDIA’s NemoClaw reference stack for DGX Spark, and Apple Silicon’s unified memory architecture all point in the same direction: dedicated, efficient, local compute for autonomous agents.

The trend I’m watching closely is what the community calls “Mobile Nodes” and “Edge AI” — deploying OpenClaw not on a desktop mini PC but on compact ARM devices optimized for battery-backed, always-on operation. As LLM quantization techniques improve, 7B models will become genuinely viable on $200 hardware. That changes the access equation entirely.

My honest opinion: if you value data sovereignty and want to automate meaningful parts of your digital life, OpenClaw is the most capable self-hosted option available in April 2026. But it’s not for everyone. It rewards people who enjoy understanding how their tools work. If you want something that just works out of the box with zero configuration, this isn’t your tool. If you want control, transparency, and the ability to run a genuinely intelligent agent without sending your data to someone else’s server, OpenClaw is worth every hour of setup time.

Frequently Asked Questions About OpenClaw Hardware Requirements

What is the absolute minimum hardware to run OpenClaw?

OpenClaw requires a minimum of 2 CPU cores, 4GB RAM, and 10GB of SSD storage. You also need Node.js version 22 or higher. These specs support basic single-agent text operations only. They don’t leave sufficient headroom for browser automation, local LLMs, or sustained multi-task workflows.

Can I run OpenClaw on a Raspberry Pi?

Yes. The Raspberry Pi 5 with 8GB RAM handles Tier 1 deployments — single agent, cloud API calls only, no browser automation. ARM64 architecture is fully supported. Add a 2GB swap file for additional stability on lower-RAM Pi configurations.

Does OpenClaw work on Windows?

Yes, but only through WSL2 (Windows Subsystem for Linux). Ubuntu is the recommended WSL2 distribution. Configure WSL2 memory allocation via the .wslconfig file in your user profile directory. Native Windows execution is not supported.

How much RAM do I need to run a local LLM with OpenClaw?

16GB is the absolute minimum for running an 8B parameter model quantized to 4-bit precision. 32GB is the realistic baseline for responsive performance. A 70B parameter model requires 64–128GB of RAM to run without swapping.

What is the best mini PC for OpenClaw in 2026?

For most users, the GEEKOM A5 2025 with 32GB RAM (approximately $545) offers the best balance of capability, cost, and upgrade path. For Apple ecosystem users, the Mac Mini M4 with 16GB RAM (approximately $599) provides exceptional multi-agent performance. And for local inference workloads, the ACEMAGIC F5A with its dedicated NPU handles continuous AI computation most efficiently.

Can I run OpenClaw on a VPS without dedicated hardware?

Yes. A DigitalOcean $24/month droplet (4GB RAM) or a Hetzner CX43 ($13–14/month) handles two agents reliably. For four or more agents, move to 16GB instances or split across multiple servers. Be aware that monthly VPS costs often exceed the one-time cost of a dedicated mini PC over 12–18 months.

What is the recommended Node.js version for OpenClaw?

Node.js 22 or higher is required. Earlier versions, including Node 18 LTS and Node 20, cause installation failures and runtime errors. Always install Node 22 before attempting to install OpenClaw.

How do I verify my OpenClaw installation is configured correctly?

Run OpenCLAW Doctor immediately after installation. This command surfaces misconfigured settings, missing dependencies, and security policy issues. Run it again after any major update to confirm the installation remains healthy.

What storage type does OpenClaw require?

SSD is essential — HDD storage creates I/O bottlenecks during model loading, log writing, and session persistence. NVMe SSDs reduce model load times by approximately 40% compared to SATA SSDs. Plan for at least 20–50GB of dedicated storage, more if you enable verbose logging or run multiple agents simultaneously.

Is OpenClaw free to use?

Yes. OpenClaw is fully open-source under the MIT license. The framework itself is free. You’ll pay for the AI model API calls (typically $0.50–$2.00 per 100 tasks using Claude Sonnet) and any hardware or VPS hosting costs you choose to incur. Running local models through Ollama eliminates ongoing API costs entirely.

Check out other popular AI topics here at WE AND THE COLOR.

#ai #free #hardware #openSource #OpenClaw ##

CVE-2026-22039
(9.9 CRITICAL)

EPSS: 0.02%

updated 2026-02-02T15:13:57.440000

1 posts

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved `urlPath` is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated use

thehackerwire@mastodon.social at 2026-04-24T05:45:52.000Z ##

🟠 CVE-2026-41068 - High (7.7)

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating the `URLPath` field. However, the ConfigMap conte...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41068/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-20362
(6.5 MEDIUM)

EPSS: 57.00%

updated 2025-11-06T14:51:19.950000

2 posts

Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed softwar

threatnoir at 2026-04-25T15:09:49.914Z ##

⚠️ CRITICAL: FIRESTARTER Backdoor

APT actors deployed FIRESTARTER, a persistent Linux backdoor on Cisco Firepower and Secure Firewall devices via CVE-2025-20333 and CVE-2025-20362. The malware survives firmware patches and works with LINE VIPER to maintain remote access. Any organization running these devices is at risk of undetect…

##

threatnoir@infosec.exchange at 2026-04-25T15:09:49.000Z ##

⚠️ CRITICAL: FIRESTARTER Backdoor

APT actors deployed FIRESTARTER, a persistent Linux backdoor on Cisco Firepower and Secure Firewall devices via CVE-2025-20333 and CVE-2025-20362. The malware survives firmware patches and works with LINE VIPER to maintain remote access. Any organization running these devices is at risk of undetect…

##

CVE-2024-21887
(9.1 CRITICAL)

EPSS: 94.41%

updated 2025-10-31T21:56:55.430000

1 posts

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887

12 repos

https://github.com/gobysec/Goby

https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887

https://github.com/gobysec/GobyVuls

https://github.com/rxwx/pulse-meter

https://github.com/Chocapikk/CVE-2024-21887

https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser

https://github.com/yoryio/CVE-2023-46805

https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887

https://github.com/oways/ivanti-CVE-2024-21887

https://github.com/seajaysec/Ivanti-Connect-Around-Scan

https://github.com/pwniel/ivanti_shell

thecybermind@infosec.exchange at 2026-04-24T01:03:05.000Z ##

CVE-2023-46805 is actively exploited in Ivanti Connect Secure and Policy Secure gateways. When chained with CVE-2024-21887, attackers gain unauthenticated RCE and full VPN appliance compromise, posing critical enterprise perimeter risk.

Read the full threat brief:
https://thecybermind.co/i1n8

https://thecybermind.co/2026/04/23/ivanti-connect-secure-cve-2023-46805/?utm_source=mastodon&utm_medium=jetpack_social

##

CVE-2025-20333
(9.9 CRITICAL)

EPSS: 41.43%

updated 2025-10-28T13:58:58.610000

2 posts

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials cou

threatnoir at 2026-04-25T15:09:49.914Z ##

⚠️ CRITICAL: FIRESTARTER Backdoor

APT actors deployed FIRESTARTER, a persistent Linux backdoor on Cisco Firepower and Secure Firewall devices via CVE-2025-20333 and CVE-2025-20362. The malware survives firmware patches and works with LINE VIPER to maintain remote access. Any organization running these devices is at risk of undetect…

##

threatnoir@infosec.exchange at 2026-04-25T15:09:49.000Z ##

⚠️ CRITICAL: FIRESTARTER Backdoor

APT actors deployed FIRESTARTER, a persistent Linux backdoor on Cisco Firepower and Secure Firewall devices via CVE-2025-20333 and CVE-2025-20362. The malware survives firmware patches and works with LINE VIPER to maintain remote access. Any organization running these devices is at risk of undetect…

##

CVE-2023-46805
(8.2 HIGH)

EPSS: 94.37%

updated 2025-10-22T00:34:00

1 posts

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.