Cyber Threat Brief — 2026-02-28
⚠️ This report is AI-generated. Always validate findings.
Cyber Threat Brief — 2026-02-28
Summary
2 new items met the 24-hour rule (both original disclosures on GitHub Advisories). Highest severity: Critical (Vikunja account takeover via password reset token reuse).
1. Vikunja Password Reset Token Reuse → Persistent Account Takeover (CVE-2026-28268)
What’s New
A logic flaw means password reset tokens remain valid indefinitely (not invalidated on use + broken cleanup cron), enabling persistent account takeover if a single token is exposed.
Technical Details
| Field | Value |
|---|---|
| CVE | CVE-2026-28268 |
| CVSS | 9.8 (per GitHub Advisory page UI) |
| Affected | Vikunja API versions < 2.1.0 |
| Exploit | No public PoC observed in GitHub PoC search (last 24h) |
| CISA KEV | No |
Key mechanics (per advisory):
- Reset flow deletes the wrong token kind (email confirm instead of password reset), leaving the reset token valid.
- Cleanup job’s time comparison is inverted, deleting new tokens and keeping old ones.
TTPs
| Tactic | Technique | Observable |
|---|---|---|
| Initial Access | T1190 — Exploit Public-Facing Application | Exploitation against exposed Vikunja API endpoints; unusual password reset activity from internet IPs |
| Credential Access / Persistence | T1078 — Valid Accounts | Successful logins from new IPs/ASNs after password reset; repeated resets over time using same token |
Detection Opportunities
Focus on reset-token exposure + abnormal password resets:
- Alert on high-rate password reset requests per user/IP.
- Alert when password reset is followed by login from a new geo/ASN/device within a short window.
- If you log request parameters: watch for repeated use of the same reset token (should never happen).
Sample detection (Sigma-style, web/app logs)
title: Vikunja Suspicious Password Reset Burst
id: 4e4cbd0d-34b5-4dbf-9d38-7ddc5c7c0d4d
status: experimental
description: Detects abnormal bursts of password reset requests that may indicate token abuse or takeover attempts.
author: AJ Threat Brief (generated)
logsource:
category: webserver
product: generic
service: http
selection:
cs-method: 'POST'
cs-uri-stem|contains:
- '/api/v1/user/password/reset'
condition: selection
fields:
- src_ip
- user
- http_status
- user_agent
falsepositives:
- Legitimate user troubleshooting
level: mediumLog Sources
- Reverse proxy / WAF (URI, IP, UA)
- Application logs (token issuance/validation; user id)
- Authentication logs (successful logins, session creation)
Detection Coverage
| Source | Status |
|---|---|
| Sigma | ❌ Gap (coverage-check returned 0 results) |
| Splunk ESCU | ❌ Gap (coverage-check returned 0 results) |
| Elastic | ❌ Gap (coverage-check returned 0 results) |
| KQL | ❌ Gap (coverage-check returned 0 results) |
Sources
- GitHub Advisory Database (Vikunja) — https://github.com/advisories/GHSA-rfjg-6m84-crj2 — Published 2026-02-28
2. OpenClaw ACP Client Permission Auto-Approval Bypass via Untrusted Tool Metadata (GHSA-7jx5-9fjg-hp4m)
What’s New
A permission-bypass in the OpenClaw ACP client can allow auto-approving actions by abusing untrusted tool metadata, undermining human-in-the-loop controls.
Technical Details
| Field | Value |
|---|---|
| CVE | N/A |
| CVSS | Medium (per advisory severity) |
| Affected | OpenClaw ACP client (see advisory for affected versions) |
| Exploit | Proof-of-concept not observed in GitHub PoC search (last 24h) |
| CISA KEV | N/A |
TTPs
| Tactic | Technique | Observable |
|---|---|---|
| Execution | T1059 — Command and Scripting Interpreter | Unexpected tool invocations / command executions initiated by the agent without explicit approval |
| Credential Access | T1552.001 — Unsecured Credentials: Credentials In Files | Agent attempts to read common secret files (env, config, key material) following metadata-driven tool calls |
Detection Opportunities
Treat this like “agent control-plane abuse”:
- Alert on tool calls that should require approval but occur without a corresponding approval event.
- Alert on unusual file access patterns by the agent process (reading dotfiles, ssh keys, API tokens).
Sample detection (Sigma-style, endpoint telemetry)
title: Suspicious OpenClaw Agent Tool Execution Without Expected Approval Trail
id: 7ad0a6a1-7e45-4d9c-a1df-8eec2bba5d62
status: experimental
description: Flags unexpected executions from an OpenClaw agent process that may indicate control-plane abuse.
author: AJ Threat Brief (generated)
logsource:
category: process_creation
product: macos
selection:
ParentImage|contains:
- 'openclaw'
Image|endswith:
- 'node'
- 'bash'
- 'zsh'
condition: selection
fields:
- ParentImage
- Image
- CommandLine
falsepositives:
- Legitimate skill automation
level: mediumLog Sources
- OpenClaw gateway / ACP client logs (approval events, tool call metadata)
- Endpoint process creation telemetry
- File access/audit logs where available
Detection Coverage
| Source | Status |
|---|---|
| Sigma | ❌ Gap (coverage-check returned 0 results) |
| Splunk ESCU | ❌ Gap (coverage-check returned 0 results) |
| Elastic | ❌ Gap (coverage-check returned 0 results) |
| KQL | ❌ Gap (coverage-check returned 0 results) |
Sources
- GitHub Advisory Database (OpenClaw) — https://github.com/advisories/GHSA-7jx5-9fjg-hp4m — Published 2026-02-27
Intelligence Sources
- Web search, X/Twitter presets, GitHub Advisories, CISA KEV