MAL-2026-3757
Vulnerability from ossf_malicious_packages
Published
2026-05-14 19:25
Modified
2026-05-26 07:50
Summary
Malicious code in claw-subagent-service (npm)
Details
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (36657c2be433b784c573082d364304325acccf033f70df17dbfe104b0173ccbe)
claw-subagent-service installs itself as a privileged auto-starting system service (Windows service via post-install.js svc.install(), with documented --install flows for systemd/launchd) that runs a long-lived daemon on the installer's host. The daemon performs three concurrent installer-harm behaviors:
-
Remote command channel (backdoor): the daemon connects to a vendor-controlled RongCloud IM tenant (appKey
bmdehs6pbyyks, token fromhttps://newsradar.dreamdt.cn/im) and processes inbound IM messages as commands.rongyun-message-handler.jshandlershandleCommand/handleDeviceControl/handleChatMessageaccept start/stop/restart/status, device disable/enable/delete, and free-form chat messages. Chat messages are POSTed byservice/modules/opencode-service.jsto the local opencode AI gateway athttp://127.0.0.1:4096/session/<id>/messagewith a system prompt explicitly instructing shell execution (nohup openclaw gateway...,pkill -f "openclaw gateway",openclaw doctor --fix). Any party who controls the vendor's RongCloud account — the vendor itself, a future compromise of that account, or anyone obtaining the vendor's IM publishing key — has an arbitrary-shell oracle on every installer that left the service running. -
Continuous data exfiltration:
service/modules/heartbeat-dashboard.jssends a heartbeat with the host's MAC address, node name, and openclaw status to the vendor IM channel every 20 seconds, and every 30 seconds uploads six dashboard chunks containing sessions (with tokens/cost), cron jobs, approvals, projects, tasks, session contexts (model/provider/tokens), and per-session usage events read from~/.openclaw/agents/*/sessions/*.jsonl. No installer prompt or opt-out. -
Privileged self-update:
service/updater.jspollsnpm view claw-subagent-service versionevery 6 hours and runsnpm install -g claw-subagent-service@<version>as the service account (Windows SYSTEM / systemd root), then restarts the worker. Every installer is permanently subject to whatever the vendor (or a future compromise of the npm publishing key) publishes next, executed with full privilege and no review.
Documentation of the architecture in the README does not change the threat model: the package gives a remote third party persistent privileged remote-command, exfiltration, and code-replacement access on the installer's machine.
CWE
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
- CWE-506 - The product contains code that appears to be malicious in nature.
Credits
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
},
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "service/updater.js",
"sha256": "82c472efae06f77cbcd6f99d6a4f55dfd7a1cb1065d51b9abc775ad390115d32",
"tlsh": "e902519956fb923597b2326d2b9b2019272ee1073119cd6cfbdc03907f412284762fe9"
},
{
"path": "service/modules/opencode-starter.js",
"sha256": "30b07d0fed08658a11000aa7b58a5dd2812b2162e7f7f1648621c551d08b9a9e",
"tlsh": "60b1fe48d02621bf1e71a770a727803fd65db0234a81db69bfde07503f322a91602ee9"
},
{
"path": "service/modules/rongyun-message-handler.js",
"sha256": "3ed8b2386f7ad6c08531f9ff6b72a709d56ef5f0986a53dc32824571956bca11",
"tlsh": "5642145e26fe182e45759299fe133022db12d22f740352ae7ebc9bc05f35090994af74"
},
{
"path": "service/modules/dashboard-collector.js",
"sha256": "e57dee50e8ab1fa17c230882899a8bfb5bed46e935be0bb22b3e3dab9cb6e3a8",
"tlsh": "5072b95ca83362358771a3645b775529fb26e23333424295bbbc82847f71c24d2a6fec"
},
{
"path": "scripts/post-install.js",
"sha256": "8482ef817e20bfcb250b15ab00de4b946c2651672476cc5a9df071b9812c99d0",
"tlsh": "1a91f19814fe43b02d738095275f116b3d6b9903214cf9adf6ed435e5fc261482a35ee"
}
],
"package_integrity": [
{
"filename": "claw-subagent-service-0.0.80.tgz",
"hashes": {
"sha1": "6b719adc9a4956246570e48af9012e1b1bce12da",
"sha512_sri": "sha512-F8RWoIVNCcJzGvwS7v2wIQDZMh7CFBdskp9sBDL3bO4z/UMi1Bj4E6YrnEqqYxXNnCAq9+4jM50GoQXfcnrD4w=="
}
}
]
}
},
"package": {
"ecosystem": "npm",
"name": "claw-subagent-service"
},
"versions": [
"0.0.80",
"0.0.91",
"0.0.120",
"0.0.113",
"0.0.99",
"0.0.101",
"0.0.116",
"0.0.122",
"0.0.105",
"0.0.138",
"0.0.108",
"0.0.102",
"0.0.109",
"0.0.140",
"0.0.136",
"0.0.130",
"0.0.117",
"0.0.110",
"0.0.141",
"0.0.137",
"0.0.114",
"0.0.151",
"0.0.149",
"0.0.146"
]
}
],
"credits": [
{
"contact": [
"actran@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-002709",
"import_time": "2026-05-15T07:37:17.616805105Z",
"modified_time": "2026-05-14T19:25:16Z",
"sha256": "cffe41c34a6702c2b84f2c907dbf451269481608a72724c4b91ebf5d6b4838a6",
"source": "amazon-inspector",
"versions": [
"0.0.80"
]
},
{
"id": "IN-MAL-2026-003599",
"import_time": "2026-05-26T05:50:56.31089624Z",
"modified_time": "2026-05-20T19:29:40Z",
"sha256": "36657c2be433b784c573082d364304325acccf033f70df17dbfe104b0173ccbe",
"source": "amazon-inspector",
"versions": [
"0.0.91"
]
},
{
"id": "IN-MAL-2026-004159",
"import_time": "2026-05-26T05:52:02.992812712Z",
"modified_time": "2026-05-22T07:05:51Z",
"sha256": "48f868daf1dbecb4d933bab3463f3b7282591204e9b986716d2c9cd3608e263d",
"source": "amazon-inspector",
"versions": [
"0.0.120"
]
},
{
"id": "IN-MAL-2026-004125",
"import_time": "2026-05-26T05:51:59.105538097Z",
"modified_time": "2026-05-22T02:25:48Z",
"sha256": "733a45db422bf6eb3db666a43d8fe2af97838027cc1a8e03b4a01b3299a3bd94",
"source": "amazon-inspector",
"versions": [
"0.0.113"
]
},
{
"id": "IN-MAL-2026-003715",
"import_time": "2026-05-26T05:51:10.270902399Z",
"modified_time": "2026-05-21T03:01:12Z",
"sha256": "95cefec7be266dfeeb149accfa155b4dcd840b95cc519fde7c2821905fdc419b",
"source": "amazon-inspector",
"versions": [
"0.0.99"
]
},
{
"id": "IN-MAL-2026-003758",
"import_time": "2026-05-26T05:51:15.444153183Z",
"modified_time": "2026-05-21T06:27:47Z",
"sha256": "99f0ef22930df709f974171e0df480254eef2ef9c93a6a5223996c121ff6987b",
"source": "amazon-inspector",
"versions": [
"0.0.101"
]
},
{
"id": "IN-MAL-2026-004136",
"import_time": "2026-05-26T05:52:00.313222544Z",
"modified_time": "2026-05-22T05:40:24Z",
"sha256": "303446c72fa50219b6746e3a2008f6de4e1d12779404219825601c277f18e473",
"source": "amazon-inspector",
"versions": [
"0.0.116"
]
},
{
"id": "IN-MAL-2026-004169",
"import_time": "2026-05-26T05:52:04.237204432Z",
"modified_time": "2026-05-22T08:19:40Z",
"sha256": "30fdbc682901d04eb97e8cb6d8c14956c8e09aca2f956bd87c59f00599d10f60",
"source": "amazon-inspector",
"versions": [
"0.0.122"
]
},
{
"id": "IN-MAL-2026-003786",
"import_time": "2026-05-26T05:51:18.731610032Z",
"modified_time": "2026-05-21T09:01:50Z",
"sha256": "5df13d641a03a27652af69077359099e972dde7bac0c72d383508f92d8841070",
"source": "amazon-inspector",
"versions": [
"0.0.105"
]
},
{
"id": "IN-MAL-2026-004612",
"import_time": "2026-05-26T05:52:56.768504436Z",
"modified_time": "2026-05-25T09:03:20Z",
"sha256": "bc1cb8def110e7bdd0e843499b852c9a6f3af0b52c1ff2611c49e5e418785675",
"source": "amazon-inspector",
"versions": [
"0.0.138"
]
},
{
"id": "IN-MAL-2026-003789",
"import_time": "2026-05-26T05:51:19.071489778Z",
"modified_time": "2026-05-21T09:11:53Z",
"sha256": "4d1a6ae7eae94d775f1d21680c365105891c30eb2e87d8d1d1d69e44819e8111",
"source": "amazon-inspector",
"versions": [
"0.0.108"
]
},
{
"id": "IN-MAL-2026-003763",
"import_time": "2026-05-26T05:51:16.091311546Z",
"modified_time": "2026-05-21T06:41:22Z",
"sha256": "ab72eb7ec46c1907b7a6b3e7a6cb9de58b8406633d31a286124e47b511960471",
"source": "amazon-inspector",
"versions": [
"0.0.102"
]
},
{
"id": "IN-MAL-2026-003792",
"import_time": "2026-05-26T05:51:19.405169047Z",
"modified_time": "2026-05-21T09:19:00Z",
"sha256": "d06927fc08f20b60826111731ea8ed22740b01cb298615311f35eea4aef371b8",
"source": "amazon-inspector",
"versions": [
"0.0.109"
]
},
{
"id": "IN-MAL-2026-004619",
"import_time": "2026-05-26T05:52:57.657155057Z",
"modified_time": "2026-05-25T10:01:48Z",
"sha256": "e4c465488fc835c702f879ee07edae63f2d817677b65efb9ca9b8ecbe66d761d",
"source": "amazon-inspector",
"versions": [
"0.0.140"
]
},
{
"id": "IN-MAL-2026-004608",
"import_time": "2026-05-26T05:52:56.16366997Z",
"modified_time": "2026-05-25T08:43:08Z",
"sha256": "fec887eac0cd06fe2e0ab422610657d5a210d5d1f946a052fbc56584e79fba08",
"source": "amazon-inspector",
"versions": [
"0.0.136"
]
},
{
"id": "IN-MAL-2026-004588",
"import_time": "2026-05-26T05:52:53.811456578Z",
"modified_time": "2026-05-25T06:15:39Z",
"sha256": "333fba03fc604abdd5ccbe25a3d35c4b7bd81e5e8e786e8b6a132a0f650df9a4",
"source": "amazon-inspector",
"versions": [
"0.0.130"
]
},
{
"id": "IN-MAL-2026-004137",
"import_time": "2026-05-26T05:52:00.466691946Z",
"modified_time": "2026-05-22T06:04:40Z",
"sha256": "794dad83a81c79ee83ec6c3fba1cc2033e7f7dc960218c84ff3dc2431ab9d9d9",
"source": "amazon-inspector",
"versions": [
"0.0.117"
]
},
{
"id": "IN-MAL-2026-003793",
"import_time": "2026-05-26T05:51:19.500932639Z",
"modified_time": "2026-05-21T09:33:37Z",
"sha256": "7dc1f62ea4a6d815ae987b34f9bec5475377bb9779e941c1704cd9ca5b17473a",
"source": "amazon-inspector",
"versions": [
"0.0.110"
]
},
{
"id": "IN-MAL-2026-004621",
"import_time": "2026-05-26T05:52:57.9350433Z",
"modified_time": "2026-05-25T10:17:56Z",
"sha256": "e253b3e58b41aa4bb3427195d4b3a9a1b0b7fa0336d3632b954ed6f01028f67b",
"source": "amazon-inspector",
"versions": [
"0.0.141"
]
},
{
"id": "IN-MAL-2026-004609",
"import_time": "2026-05-26T05:52:56.440683683Z",
"modified_time": "2026-05-25T08:54:34Z",
"sha256": "0703ce6de2620bf057068954a5d65415320294df003738fd84d1b8e181d04de1",
"source": "amazon-inspector",
"versions": [
"0.0.137"
]
},
{
"id": "IN-MAL-2026-004126",
"import_time": "2026-05-26T05:51:59.257705869Z",
"modified_time": "2026-05-22T02:39:02Z",
"sha256": "30ccb28b8d00615bbabb9298997ae2a1a5126408f52465cf8eae97617cf96b28",
"source": "amazon-inspector",
"versions": [
"0.0.114"
]
},
{
"id": "IN-MAL-2026-004853",
"import_time": "2026-05-26T07:48:28.165131685Z",
"modified_time": "2026-05-26T07:00:10Z",
"sha256": "1062890dca012ff08aec1ffeec8afd26460c4ae0cfd633b137f799c3067c91ea",
"source": "amazon-inspector",
"versions": [
"0.0.151"
]
},
{
"id": "IN-MAL-2026-004852",
"import_time": "2026-05-26T07:48:28.113541862Z",
"modified_time": "2026-05-26T06:51:48Z",
"sha256": "b6778ae3f21c2b7f88ec0263297a216890d13ee290aa64a2ee3fcdded87d7bf5",
"source": "amazon-inspector",
"versions": [
"0.0.149"
]
},
{
"id": "IN-MAL-2026-004854",
"import_time": "2026-05-26T07:48:28.206103557Z",
"modified_time": "2026-05-26T07:00:29Z",
"sha256": "d84635712776e58ee8c8027284ddb58636d5e492f73f40aaf85ca8ffb1bbfa62",
"source": "amazon-inspector",
"versions": [
"0.0.146"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (36657c2be433b784c573082d364304325acccf033f70df17dbfe104b0173ccbe)\nclaw-subagent-service installs itself as a privileged auto-starting system service (Windows service via post-install.js `svc.install()`, with documented `--install` flows for systemd/launchd) that runs a long-lived daemon on the installer\u0027s host. The daemon performs three concurrent installer-harm behaviors:\n\n1. Remote command channel (backdoor): the daemon connects to a vendor-controlled RongCloud IM tenant (appKey `bmdehs6pbyyks`, token from `https://newsradar.dreamdt.cn/im`) and processes inbound IM messages as commands. `rongyun-message-handler.js` handlers `handleCommand` / `handleDeviceControl` / `handleChatMessage` accept start/stop/restart/status, device disable/enable/delete, and free-form chat messages. Chat messages are POSTed by `service/modules/opencode-service.js` to the local opencode AI gateway at `http://127.0.0.1:4096/session/\u003cid\u003e/message` with a system prompt explicitly instructing shell execution (`nohup openclaw gateway...`, `pkill -f \"openclaw gateway\"`, `openclaw doctor --fix`). Any party who controls the vendor\u0027s RongCloud account \u2014 the vendor itself, a future compromise of that account, or anyone obtaining the vendor\u0027s IM publishing key \u2014 has an arbitrary-shell oracle on every installer that left the service running.\n\n2. Continuous data exfiltration: `service/modules/heartbeat-dashboard.js` sends a heartbeat with the host\u0027s MAC address, node name, and openclaw status to the vendor IM channel every 20 seconds, and every 30 seconds uploads six dashboard chunks containing sessions (with tokens/cost), cron jobs, approvals, projects, tasks, session contexts (model/provider/tokens), and per-session usage events read from `~/.openclaw/agents/*/sessions/*.jsonl`. No installer prompt or opt-out.\n\n3. Privileged self-update: `service/updater.js` polls `npm view claw-subagent-service version` every 6 hours and runs `npm install -g claw-subagent-service@\u003cversion\u003e` as the service account (Windows SYSTEM / systemd root), then restarts the worker. Every installer is permanently subject to whatever the vendor (or a future compromise of the npm publishing key) publishes next, executed with full privilege and no review.\n\nDocumentation of the architecture in the README does not change the threat model: the package gives a remote third party persistent privileged remote-command, exfiltration, and code-replacement access on the installer\u0027s machine.\n",
"id": "MAL-2026-3757",
"modified": "2026-05-26T07:50:24Z",
"published": "2026-05-14T19:25:16Z",
"references": [
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.80"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.91"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.120"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.113"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.99"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.101"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.116"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.122"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.105"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.138"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.108"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.102"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.109"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.140"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.136"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.130"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.117"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.110"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.141"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.137"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.114"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.151"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.149"
},
{
"type": "PACKAGE",
"url": "https://www.npmjs.com/package/claw-subagent-service/v/0.0.146"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in claw-subagent-service (npm)"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…