Cve

Three command injection vulnerabilities in Claude Code CLI — CVE-2026-35020, CVE-2026-35021, and CVE-2026-35022 — carry CVSS scores of 9.8 (Critical) and chain together to enable credential exfiltration over HTTP. If you’re running Claude Code in any CI/CD pipeline, this guide walks you through immediate mitigation steps and longer-term hardening practices. This is not optional maintenance. These are exploitable, validated vulnerabilities with confirmed callback evidence. Prerequisites Access to your Claude Code CLI deployment(s) Access to your CI/CD pipeline configurations (GitHub Actions, GitLab CI, Jenkins, or equivalent) Basic shell access to environments where Claude Code runs Permission to update environment variable configurations and outbound network rules Step 1: Check Your Version and Patch Immediately The vulnerabilities are confirmed exploitable on v2.1.91 and earlier. Your first action is to identify and update every Claude Code CLI instance. ...

If you’re running Claude Code CLI in any CI/CD pipeline, stop what you’re doing and check your version. Right now. Three newly registered CVEs — CVE-2026-35020, CVE-2026-35021, and CVE-2026-35022 — are command injection flaws in Claude Code CLI that researchers at phoenix.security validated as exploitable on v2.1.91 as recently as April 3, 2026. They chain together to enable credential exfiltration over plain HTTP, and every one of them carries a CVSS score of 9.8 (Critical). On top of that, Anthropic shipped a separate patch on April 6 for a distinct high-severity deny-rule bypass — both security issues trace back to the same Claude Code source leak. ...

CVE-2026-33579 is a critical privilege escalation vulnerability in OpenClaw (CVSS 8.1–9.8) that allowed anyone with operator.pairing scope — the lowest permission level — to silently grant themselves full admin access. It was patched in v2026.3.28, but the exploit leaves no obvious trace. Security experts recommend that any OpenClaw instance running a pre-patch version should be treated as potentially compromised, even without visible evidence of breach. This checklist walks you through the full audit process. ...

If you’re running a self-hosted OpenClaw instance and haven’t patched in the last week, stop what you’re doing. Security researchers are using a phrase that should make any sysadmin’s stomach drop: “assume compromise.” That’s not alarmism. It’s a measured response to CVE-2026-33579 — a critical privilege escalation vulnerability in OpenClaw that was patched earlier this week, but not before potentially exposing thousands of installations to silent, undetectable admin takeover. What Is CVE-2026-33579? The vulnerability affects all versions of OpenClaw prior to v2026.3.28. Its CVSS score ranges from 8.1 to 9.8 depending on the metric used — squarely in the “critical” band. ...

Microsoft has disclosed CVE-2026-32211, a critical information disclosure vulnerability in Azure MCP Server with a CVSS 3.1 score of 9.1. If you run any Azure MCP Server deployment — and the number of organizations doing so has grown dramatically as agentic workloads moved into production — this one requires immediate attention. The short version: an unauthenticated attacker with network access can read sensitive data from your MCP server. No credentials needed. No prior foothold required. Just a network path and knowledge of the right request. ...

CVE-2026-32211 is a CVSS 9.1 information disclosure vulnerability in Azure MCP Server. Missing authentication allows unauthenticated attackers with network access to read sensitive data — API keys, agent tokens, and data source credentials the MCP server manages. No credentials required to exploit. No prior access needed. This guide walks through the immediate mitigation steps while an official patch is pending, and the longer-term hardening practices that should apply to any MCP server deployment. ...

If you’re running OpenClaw on any version before 2026.3.28, stop reading and go update. Right now. We’ll be here when you get back. For everyone else: here’s what happened, why it’s serious, and exactly how to verify you’re protected against two freshly disclosed critical vulnerabilities: CVE-2026-33579 and CVE-2026-34426. What Are These Vulnerabilities? CVE-2026-33579 — Privilege Escalation via /pair approve (CVSS 8.1–9.8) This is the big one. Rated between 8.1 and 9.8 out of 10 on the CVSS scale, CVE-2026-33579 allows an attacker who holds operator.pairing scope — the lowest meaningful permission in an OpenClaw deployment — to silently approve device pairing requests that ask for operator.admin scope. ...

The open-source AI agent framework that conquered the internet in four months is now facing its most serious security reckoning yet. A comprehensive study published March 31 by Web3 security firm CertiK paints a stark picture: OpenClaw has accumulated over 100 CVEs and 280 security advisories since its release, with more than 135,000 internet-exposed instances actively leaking credentials — and a malware-infested skills marketplace that’s quietly targeting user wallets. The Architectural Problem Nobody Wanted to Talk About OpenClaw was originally designed for trusted local environments. You ran it on your laptop, it had access to your files and accounts, and that was fine because it was your machine. ...

Security researcher Yarden Porat at Cyata published findings this week that should be required reading for anyone running CrewAI in production: four critical CVEs, chainable via prompt injection, that allow attackers to escape Docker sandboxes and execute arbitrary code on the host machine. CERT/CC issued advisory VU#221883. Patches are available. What Was Found Porat’s research identified four vulnerabilities in CrewAI that can be chained together: CVE-2026-2275 — The initial vector: a prompt injection flaw that allows malicious content in agent inputs to manipulate how CrewAI processes tool calls. Normally, tool calls are structured, validated operations. This CVE allows crafted input to make the framework treat attacker-controlled content as legitimate tool invocations. ...

RSAC 2026 is where the agentic AI security conversation got serious, and the number that defined it was 500,000. That’s the estimated count of internet-facing OpenClaw instances identified by security researchers — a deployment footprint that arrived faster than the security tooling needed to manage it. VentureBeat’s analysis at the conference laid out an uncomfortable reality: half a million instances, three unpatched high-severity CVEs, and no mechanism for fleet-wide patching or emergency shutdown. ...