Lucene search
K

14 matches found

EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2026-36623

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

4.3CVSS5.3AI score0.00166EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2026-36622

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering comman...

8.2CVSS5.3AI score0.00192EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 10:16 p.m.19 views

CVE-2026-53828

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access contro...

8.8CVSS0.00267EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.20 views

CVE-2026-53835

OpenClaw (pre-2026.5.6) contains a configuration enforcement bypass in Feishu dynamic-agent bindings. The flaw allows authenticated senders to create or update bindings without honoring configured config-write controls, enabling changes to sender-agent binding state beyond policy. Affected compon...

4.3CVSS5.3AI score0.00166EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.10 views

CVE-2026-53835 OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

4.3CVSS5.3AI score0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.32 views

CVE-2026-53835 OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

4.3CVSS0.00166EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.28 views

CVE-2026-53834

OpenClaw (OpenClaw before 2026.4.27) contains an authorization bypass in QQBot pre-dispatch slash commands that allows authenticated senders to bypass allowFrom policy checks. Attackers can invoke slash commands before access control policies are applied, potentially triggering command handling f...

8.2CVSS5.4AI score0.00192EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-49038

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.27 Description An authorization bypass exists in QQBot pre-dispatch slash commands. This issue allows authenticated senders to skip allowFrom policy checks, enabling them to invoke slash commands before...

8.2CVSS5.3AI score0.00192EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.8 views

CVE-2026-34507

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

5.4CVSS5.7AI score0.00148EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 4:16 p.m.17 views

CVE-2026-34507

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

5.4CVSS0.00148EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 3:9 p.m.17 views

EUVD-2026-33334

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 3:9 p.m.31 views

CVE-2026-34507 OpenClaw < 2026.4.29 - Policy Bypass in QQBot Admin Commands via DM-only and allowFrom Checks

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

5.4CVSS0.00148EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:9 p.m.11 views

CVE-2026-34507

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.29 contained security vulnerabilities. These vulnerabilities stemmed from a strategy-bypass vulnerability in QQBot administrator commands, which allowed authenticated senders to...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References2
Rows per page
Query Builder