This archive includes all published incident pages. Page 13 of 18.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Incident date: February 17, 2026 | Published: February 25, 2026
Summary A mismatch between rawCommand and command[] in the node host system.run handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv.
Incident date: February 17, 2026 | Published: February 25, 2026
Summary The Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. Affected versions: = 2026.2.
Incident date: February 17, 2026 | Published: February 25, 2026
Summary OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the...
Incident date: February 17, 2026 | Published: February 25, 2026
Summary In the optional Twitch channel plugin (extensions/twitch), allowFrom is documented as a hard allowlist of Twitch user IDs, but it was not enforced as a hard gate.
Incident date: February 17, 2026 | Published: February 25, 2026
Summary Versions of the openclaw npm package prior to 2026.2.2 could be coerced into fetching arbitrary http(s) URLs during attachment/media hydration.
Incident date: February 17, 2026 | Published: February 25, 2026
Summary The XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the...
Incident date: February 17, 2026 | Published: February 25, 2026
Impact An issue was discovered in httpsig-hyper where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison (Rust): if matches!
Incident date: February 17, 2026 | Published: February 25, 2026
**Description:** A vulnerability in the API Server of Skill Scanner could allow an unauthenticated, remote attacker to interact with the server API and either trigger a denial of service (DoS) condition or upload arbitrary files.
Incident date: February 17, 2026 | Published: February 25, 2026
Summary A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node.