MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-48584 | Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network. | 9.9 | N/A | 2026-06-19 | 2026-06-19 |
| CVE-2026-12539 | Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlis | 5.7 | N/A | 2026-06-18 | 2026-06-18 |
| CVE-2026-12039 | Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist. | 5.7 | N/A | 2026-06-18 | 2026-06-18 |
| CVE-2026-12505 | A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted request_key payload to trick the root-owned helper into entering a custom environment (namespace) containing a malicious NSS module. This forces the system to load the attacker's controlled NSS Module and configuration, allowing them to execut | 7.8 | 0.12% | 2026-06-18 | 2026-06-18 |
| CVE-2026-12529 | A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. | 6.9 | 0.28% | 2026-06-17 | 2026-06-18 |
| CVE-2026-53862 | OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits. | 2.3 | 0.09% | 2026-06-16 | 2026-06-16 |
| CVE-2026-53852 | OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore broader scopes than intended by submitting empty-scope re-pairing requests. Attackers can exploit this by sending re-pairing requests with empty scope sets to skip containment guards and retain unauthorized device access. | 2.3 | 0.17% | 2026-06-16 | 2026-06-16 |
| CVE-2026-53847 | OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope. | 5.3 | 0.18% | 2026-06-16 | 2026-06-16 |
| CVE-2026-53843 | OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation controls and maintaining unauthorized access longer than intended. | 8.7 | 0.29% | 2026-06-16 | 2026-06-18 |
| CVE-2026-53776 | Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false in the verify_decode helper within the stdlib JWT verification path. Attackers in possession of a previously issued bearer token can present expired tokens to any jwt.verify() call and retain authenticated access indefinitely, bypassing force-expired sessions such as user logout or administrative revocation. | 9.3 | 0.36% | 2026-06-16 | 2026-06-16 |
| CVE-2026-49780 | Customer Privilege Escalation in Dokan <= 5.0.2 versions. | 8.8 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49083 | Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. | 7.5 | 0.31% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49063 | Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. | 7.3 | 0.22% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48889 | Subscriber Privilege Escalation in Amelia <= 2.3 versions. | 8.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39587 | Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions. | 8.1 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39583 | Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. | 9.8 | 0.36% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39579 | Contributor Privilege Escalation in B Blocks <= 2.0.31 versions. | 8.8 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39470 | Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions. | 7.2 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-34901 | Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions. | 9.8 | 0.32% | 2026-06-15 | 2026-06-15 |
| CVE-2026-27407 | Editor Privilege Escalation in AI Engine <= 3.4.9 versions. | 7.2 | 0.50% | 2026-06-15 | 2026-06-15 |