Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit acc7e1832f12 · 2026-04-17T22:21:27.000Z
GHSA-5cwg-9f6j-9jvx GHSA-85gx-3qv6-4463 GHSA-f7fh-qg34-x2xh
diff --git a/advisories/github-reviewed/2026/04/GHSA-5cwg-9f6j-9jvx/GHSA-5cwg-9f6j-9jvx.json b/advisories/github-reviewed/2026/04/GHSA-5cwg-9f6j-9jvx/GHSA-5cwg-9f6j-9jvx.json
@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5cwg-9f6j-9jvx",
+  "modified": "2026-04-17T22:19:38Z",
+  "published": "2026-04-17T22:19:38Z",
+  "aliases": [
+    "CVE-2026-35603"
+  ],
+  "summary": "Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows",
+  "details": "On Windows, Claude Code loaded system-wide default configuration from `C:\\ProgramData\\ClaudeCode\\managed-settings.json` without validating directory ownership or access permissions. Because the `ProgramData` directory is writable by non-administrative users by default and the `ClaudeCode` subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching Claude Code on the same machine. Exploiting this would have required a shared multi-user Windows system and a victim user to launch Claude Code after the malicious configuration was placed.\n\nUsers on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version.\n\nThank you to hackerone.com/edbr for reporting this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@anthropic-ai/claude-code"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.1.75"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/anthropics/claude-code/security/advisories/GHSA-5cwg-9f6j-9jvx"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35603"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/anthropics/claude-code"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-426"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-17T22:19:38Z",
+    "nvd_published_at": "2026-04-17T21:16:33Z"
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-85gx-3qv6-4463/GHSA-85gx-3qv6-4463.json b/advisories/github-reviewed/2026/04/GHSA-85gx-3qv6-4463/GHSA-85gx-3qv6-4463.json
@@ -0,0 +1,98 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-85gx-3qv6-4463",
+  "modified": "2026-04-17T22:20:40Z",
+  "published": "2026-04-17T22:20:40Z",
+  "aliases": [],
+  "summary": "Dapr: Service Invocation path traversal ACL bypass",
+  "details": "### Summary\n\nA vulnerability has been found in Dapr that allows bypassing access control policies for service invocation using reserved URL characters and path traversal sequences in method paths. The ACL normalized the method path independently from the dispatch layer, so the ACL evaluated one path while the target application received a different one.\n\nUsers who have configured access control policies for service invocation are strongly encouraged to upgrade Dapr to the respective patch version `1.17.5`, `1.16.14`, and `1.15.14`.\n\n### Impact\n\nThis vulnerability impacts Dapr users who have configured access control policies for service invocation. An attacker who can reach the Dapr HTTP or gRPC API could:\n\n- Use encoded path traversal (ex: `admin%2F..%2Fpublic`) to reach an allowed path while the method started from a denied prefix.\n- Use encoded fragment (`%23`) or query (`%3F`) characters to cause the ACL to evaluate a different path than what was delivered to the target application.\n\n### Patches\n\nUsers should upgrade immediately to their respective Dapr version `1.17.5`, `1.16.14`, and `1.15.14`.\n\n### Details\n\nDapr supports access control policies for service invocation, which allow operators to restrict which methods an application is permitted to call on a target app. When a request arrives, Dapr evaluates the method path against the configured policy before dispatching to the target.\n\nPrior to this fix, the ACL and the dispatch layer normalized the method path independently. The ACL used `purell.NormalizeURLString`, which decoded `%XX` sequences, resolved `../`, and stripped `#` and `?` as URL delimiters. The dispatch layer used the raw method string. This mismatch meant the ACL authorized one path while the target application received a different one.\n\nFor example, a method of `admin%2F..%2Fpublic` was normalized by the ACL to public (allowed), but the target application received `admin/../public`. \n\nThe gRPC API was the more dangerous vector because gRPC passes method strings raw — `#`, `?`, `../`, and control characters were all delivered literally with no client-side sanitization.\n\n### References\n\n[This PR](https://github.com/dapr/dapr/pull/9589) signaled to us about the CVE, special thanks to @dbconfession78 for the efforts here and the original PR.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/dapr/dapr"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.17.0-rc.1"
+            },
+            {
+              "fixed": "1.17.5"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/dapr/dapr"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.16.0-rc.1"
+            },
+            {
+              "fixed": "1.16.14"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/dapr/dapr"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.3.0"
+            },
+            {
+              "fixed": "1.15.14"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/dapr/dapr/security/advisories/GHSA-85gx-3qv6-4463"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/dapr/dapr/pull/9589"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/dapr/dapr"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22",
+      "CWE-284"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-17T22:20:40Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/04/GHSA-f7fh-qg34-x2xh/GHSA-f7fh-qg34-x2xh.json b/advisories/github-reviewed/2026/04/GHSA-f7fh-qg34-x2xh/GHSA-f7fh-qg34-x2xh.json
@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f7fh-qg34-x2xh",
+  "modified": "2026-04-17T22:18:28Z",
+  "published": "2026-04-17T22:18:28Z",
+  "aliases": [],
+  "summary": "OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets",
+  "details": "## Summary\n\nCDP /json/version WebSocket URL could pivot to untrusted second-hop targets.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.5`\n- Patched versions: `>= 2026.4.5`\n\n## Impact\n\nA browser profile could trust a CDP `/json/version` response whose `webSocketDebuggerUrl` pointed at a different host, enabling a second-hop SSRF-style pivot.\n\n## Technical Details\n\nThe fix normalizes and re-validates direct CDP WebSocket targets before connecting.\n\n## Fix\n\nThe issue was fixed in #60469. The first stable tag containing the fix is `v2026.4.5`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `bc356cc8c2beaa747c71dd86cceab8f804699665`\n- PR: #60469\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.5 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @tdjackey for reporting this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "openclaw"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2026.4.5"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f7fh-qg34-x2xh"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/pull/60469"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/openclaw/openclaw/commit/bc356cc8c2beaa747c71dd86cceab8f804699665"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/openclaw/openclaw"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-17T22:18:28Z",
+    "nvd_published_at": null
+  }
+}
