Depthfirstdisclosures

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.1.29 **Description** An authentication bypass issue exists in the WebSocket gateway of OpenClaw. The software fails to validate the user-supplied `gatewayUrl` parameter before initializing WebSocket connections. This allows unauthenticated remote attackers to exfiltrate bearer tokens and perform server-side request forgery (SSRF), which is a technique where an attacker forces a server to make requests to internal or external resources. Exploitation can lead to the disclosure of authentication tokens, theft of cloud metadata and IAM credentials, and full compromise of connected automation workflows. In some configurations, this can allow attackers to execute arbitrary code on the host machine, potentially granting access to the file system and shell. Active exploitation has been observed in the wild. **Recommendations** Upgrade to OpenClaw version 2026.1.29 or later. Restrict external access to OpenClaw dashboard endpoints. Deploy WAF rules to block malicious `gatewayUrl` values. Enforce strict egress filtering. Rotate all exposed credentials.

**Name of the Vulnerable Software and Affected Versions** Sandboxie versions 1.16.6 and below **Description** Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. The SYSTEM-level service `SbieSvc.exe` exposes the `SbieIniServer::RC4Crypt` function to sandboxed processes. This function adds a fixed header size to a caller-controlled `value len` without performing adequate overflow checks. Providing a large `value len` (for example, 0xFFFFFFF0) causes the allocation size to wrap around, resulting in a heap overflow when attacker-controlled data is copied into a buffer that is too small. Successful exploitation allows sandboxed processes to execute arbitrary code with SYSTEM privileges, leading to full host compromise. **Recommendations** Update Sandboxie to version 1.16.7 or later.

**Name of the Vulnerable Software and Affected Versions** Swetrix Web Analytics API versions prior to 7d8b972 **Description** A directory traversal issue exists in Swetrix Web Analytics API 3.1.1 before commit 7d8b972. This allows a remote attacker to achieve Remote Code Execution via a crafted HTTP request. **Recommendations** Update Swetrix Web Analytics API to version 7d8b972 or later.