9 matches found
EUVD-2026-45093
OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability in the MS Teams message actions feature. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path can perform actions that should have required a stronger...
EUVD-2026-43566
OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...
CVE-2026-62197 OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...
CVE-2026-62197 OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...
CVE-2026-62196 OpenClaw 2026.3.22 < 2026.6.6 Authorization Bypass via WhatsApp Group IDs
OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...
CVE-2026-62195
OpenClaw has an authorization bypass vulnerability (CVE-2026-62195) in the MCP loopback feature affecting versions 2026.5.20 before 2026.6.6. The issue allows lower-trust callers to bypass authorization checks and use input paths to execute or persist owner-only tools beyond intended permissions....
CVE-2026-62188
OpenClaw @openclaw/feishu (versions
CVE-2026-62188
OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...
PT-2026-57889
Name of the Vulnerable Software and Affected Versions @openclaw/feishu versions prior to 2026.6.9 Description The software may ignore per-account disablement, allowing a lower-trust caller or a configured input path to perform actions that require stronger authorization or policy checks. This can...