Lucene search
K

5 matches found

OSV
OSV
added 4 days ago3 views

GHSA-MGQ6-VR84-7M2J OpenClaw: QQBot native approval buttons did not enforce configured approver identity

Summary OpenClaw's QQBot channel can deliver native approval buttons for exec and plugin approvals. In affected releases, the button callback path resolved approvals without enforcing the configured QQBot approver identity. The text command approval path used the authorization check; the issue wa...

8CVSS5.8AI score0.00199EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 9:56 p.m.20 views

CVE-2026-53832

CVE-2026-53832 affects OpenClaw prior to 2026.5.18. The issue is an identity header validation flaw that lets local, same-host callers forge trusted-proxy identity headers, enabling them to assume operator identity and potentially escalate privileges when they have access to the proxy-facing Gate...

7.7CVSS5.3AI score0.00102EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.6 views

CVE-2026-53822 OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls...

8.8CVSS5.5AI score0.00982EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.29 views

CVE-2026-53822 OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls...

8.8CVSS0.00982EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from the fact that extension metadata during market runtime could be redirected to load into unscanned packa...

8.8CVSS5.4AI score0.00419EPSS
Exploits0References1
Rows per page
Query Builder