Lucene search
+L

9 matches found

EUVD
EUVD
added 20 hours ago5 views

EUVD-2026-45093

OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability in the MS Teams message actions feature. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path can perform actions that should have required a stronger...

7.1CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43566

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-62197 OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS0.00199EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

CVE-2026-62197 OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

6.3CVSS6.1AI score0.00199EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-62196 OpenClaw 2026.3.22 < 2026.6.6 Authorization Bypass via WhatsApp Group IDs

OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...

8.7CVSS0.0023EPSS
Exploits0References2
CVE
CVE
added 4 days ago11 views

CVE-2026-62195

OpenClaw has an authorization bypass vulnerability (CVE-2026-62195) in the MCP loopback feature affecting versions 2026.5.20 before 2026.6.6. The issue allows lower-trust callers to bypass authorization checks and use input paths to execute or persist owner-only tools beyond intended permissions....

8.7CVSS6.2AI score0.0023EPSS
Exploits0References2Affected Software1
CVE
CVE
added 4 days ago10 views

CVE-2026-62188

OpenClaw @openclaw/feishu (versions

8.6CVSS6.1AI score0.00213EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-62188

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57889

Name of the Vulnerable Software and Affected Versions @openclaw/feishu versions prior to 2026.6.9 Description The software may ignore per-account disablement, allowing a lower-trust caller or a configured input path to perform actions that require stronger authorization or policy checks. This can...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References7
Rows per page
Query Builder