CVE-2026-28477 | OpenClaw up to 2026.2.13 OAuth Call cross-site request forgery (GHSA-7rcp-mxpq-72pj)

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability categorized as problematic has been discovered in OpenClaw up to 2026.2.13. This affects an unknown part of the component OAuth Call Handler. Such manipulation leads to cross-site request forgery.

This vulnerability is documented as CVE-2026-28477. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-28477 | OpenClaw up to 2026.2.13 OAuth Call cross-site request forgery (GHSA-7rcp-mxpq-72pj)

Post correlati

CVE-2025-10481 | SourceCodester Online Student File Management System 1.0 /remove_file.php ID sql injection

CVE-2024-46648 | eNMS 4.4.0/4.7.1 scan_folder path traversal

CVE-2024-23637 | OctoPrint up to 1.9.3 unverified password change (GHSA-5626-pw9c-hmjr)

CVE-2025-5257 | Mautic up to 6.0.1/5.4.5/4.4.15 /page/preview/1 improper validation of specified quantity in input (GHSA-cqx4-9vqf-q3m8)