Lucene search
K

8 matches found

Snyk
Snyk
added 2026/04/03 3:27 a.m.4 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the Discord voice ingress authorization process. An attacker can gain unauthorized access to restricted voice channels by exploiting gaps in channel, name, and...

5.4CVSS5.9AI score0.00222EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:24 a.m.6 views

Use of Less Trusted Source

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of Less Trusted Source in the diffs viewer process when proxied remote requests are incorrectly classified as loopback addresses if allowRemoteViewer is disabled. An attacker can gain...

6.3CVSS6AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:13 a.m.2 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call process. An attacker can cause excessive resource consumption by sending oversized WebSocket frames before validati...

7.5CVSS5.9AI score0.00532EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:11 a.m.2 views

Insufficient Session Expiration

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Session Expiration due to the device.token.rotate process not terminating active WebSocket sessions after credential rotation. An attacker can maintain unauthorized access to...

5.4CVSS5.9AI score0.00186EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 2:58 a.m.6 views

Replay Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Replay Attack via the webhook signature verification process. An attacker can bypass replay detection by submitting requests with equivalent Base64 and Base64URL-encoded signatures, causi...

6.3CVSS5.9AI score0.0033EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:23 p.m.1 views

UNIX Symbolic Link (Symlink) Following

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in the tar upload process. An attacker can overwrite arbitrary files on the remote host by uploading a tar archive containing symlinks that are follow...

8.1CVSS6.1AI score0.00533EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/02 9:0 p.m.7 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the process that fetches thread root and reply context, which bypasses the sender allowlist. An attacker can gain unauthorized access to message threads by...

6.5CVSS5.9AI score0.00157EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 8:59 p.m.23 views

Replay Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Replay Attack in the replay deduplication process. An attacker can bypass intended access restrictions by reusing messageId values across authenticated sibling-target delivery paths...

5.4CVSS5.4AI score0.00274EPSS
Exploits0References2
Rows per page
Query Builder