4 matches found
CVE-2026-35630
OpenClaw OpenClaw before 2026.5.18 has an authorization bypass in QQBot native approval buttons that does not enforce the configured approver identity. Non-approvers can click approval buttons to resolve pending exec or plugin approval requests without proper authorization. Affected product: Open...
EUVD-2026-33335
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...
CVE-2026-35630 OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...
PT-2026-44896
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...