Between March 18 and 21, nine OpenClaw CVEs dropped — including a 9.9 critical that let any authenticated user become admin by asking nicely. A timeline, breakdown, and what it means for self-hosters.
CVE-2026-0628 allowed any Chrome extension with basic permissions to hijack the Gemini side panel — gaining access to your camera, microphone, local files, and screenshots. Here's what happened and what it means for browser-embedded AI.
BlueRock Security scanned 7,000+ MCP servers and found 36.7% vulnerable to SSRF. Trend Micro found 492 exposed with no authentication. The MCP ecosystem has a systemic security problem.
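The SSRF finding above is the one point here that a few lines of code can make concrete: a tool that fetches a model-supplied URL is only as safe as its check on where that URL actually goes. The following is an added example, not code from BlueRock, Trend Micro, or any MCP server the page mentions. It sketches a hypothetical fetch-style tool's outbound-URL guard; every function name, the `DEMO_DNS` answers (including 93.184.216.34 standing in for a public address) and the sample URLs are constructed for offline use. The guard judges a host by what it resolves to rather than how it is spelled, refuses a name if any answer is non-public, and treats IPv4-mapped IPv6 literals and the cloud metadata endpoints as the private targets they are.

```python
"""SSRF guard for a hypothetical MCP-style URL-fetching tool.

Added example; not code from any project named on the page. The resolver
answers and URLs used by demo() are constructed, not real DNS data.
"""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
# Well-known cloud metadata endpoints, blocked by name as well as by address.
# 169.254.169.254 is link-local and would fail the address check anyway; the
# GCP alias and Alibaba's 100.100.100.200 (CGNAT range) are the ones forgotten.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "100.100.100.200"}


def system_resolver(host):
    """All A/AAAA answers for host as strings (real DNS; demo() does not use it)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip_str):
    """True only for globally routable unicast addresses.

    ipaddress.is_global is False for loopback, RFC 1918, link-local,
    CGNAT (100.64/10), documentation, reserved and unspecified ranges, so one
    property covers the usual SSRF targets. An IPv4-mapped IPv6 address
    (::ffff:a.b.c.d) is judged by the IPv4 address it wraps.
    """
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def check_outbound_url(url, resolver=system_resolver):
    """Return (allowed, reason, pinned_ip) for a model-supplied URL.

    Decimal/octal/hex spellings (2130706433, 0177.0.0.1, 0x7f000001) and
    'localhost' are not IP literals to ipaddress, so they go through the
    resolver, which turns them into 127.0.0.1 and gets them refused.
    """
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}", None
    host = parts.hostname  # lowercased; IPv6 brackets already stripped
    if not host:
        return False, "no host in URL", None
    if host in METADATA_HOSTS:
        return False, f"cloud metadata endpoint: {host}", None
    try:
        answers = [str(ipaddress.ip_address(host))]  # literal IP, no DNS needed
    except ValueError:
        try:
            answers = resolver(host)
        except OSError as exc:
            return False, f"resolution failed for {host}: {exc}", None
    if not answers:
        return False, f"no addresses for {host}", None
    for addr in answers:  # one bad answer (rebinding, split-horizon) refuses the name
        if not is_public_address(addr):
            return False, f"{host} maps to non-public address {addr}", None
    return True, "ok", answers[0]


def guarded_fetch(url, http_get, resolver=system_resolver):
    """Tool entry point: decide before any socket is opened.

    http_get(url, pinned_ip) is injected; see the note below on why it must
    connect to pinned_ip and must not follow redirects on its own.
    """
    allowed, reason, pinned_ip = check_outbound_url(url, resolver)
    if not allowed:
        raise PermissionError(f"refused outbound request: {reason}")
    return http_get(url, pinned_ip)


# Constructed DNS answers for the offline demo (not real records).
DEMO_DNS = {
    "example.org": ["93.184.216.34"],
    "intranet.corp": ["10.0.0.5"],
    "rebind.attacker.test": ["93.184.216.34", "127.0.0.1"],
}


def demo_resolver(host):
    if host not in DEMO_DNS:
        raise OSError(f"NXDOMAIN: {host}")
    return DEMO_DNS[host]


def demo():
    """Verdicts for constructed URLs; returns {url: allowed}."""
    urls = [
        "https://example.org/page",
        "http://intranet.corp/admin",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::1]:8080/",
        "http://[::ffff:10.0.0.5]/",
        "file:///etc/passwd",
        "http://rebind.attacker.test/",
    ]
    return {u: check_outbound_url(u, demo_resolver)[0] for u in urls}


if __name__ == "__main__":
    for url, allowed in demo().items():
        print("ALLOW " if allowed else "REFUSE", url)
```

Two things the check alone cannot fix, and which the injected `http_get` has to handle: the HTTP client must connect to the IP the check resolved (pinned_ip) rather than resolving the name a second time, or a DNS server that answers a public address first and 127.0.0.1 on the next query walks straight through; and automatic redirect following must be off, with each `Location` target sent back through `check_outbound_url`, because an allowed public host that 302s to an internal address is the other standard bypass.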
CVE-2026-27825 allows unauthenticated remote code execution through mcp-atlassian's Confluence integration. Another reminder that MCP tool security is the weakest link in agent deployments.