Lucene search
K

93 matches found

CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a denial of service vulnerability that stems from its BlueBubbles and Google Chat webhook handlers parsing request bodies before performing authentication and signature verification. An attacker could...

8.7CVSS5.8AI score0.00418EPSS
Exploits0References3
NVD
NVD
added 2026/03/18 2:16 a.m.5 views

CVE-2026-22170

OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restrictions to be ineffective. Remote attackers can send direct messages to BlueBubbles accounts by...

6.5CVSS0.00255EPSS
Exploits0References6
CVE
CVE
added 2026/03/18 1:34 a.m.14 views

CVE-2026-22170

OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass caused by an empty allowFrom configuration. This misconfiguration makes dmPolicy pairing and allowlist restrictions ineffective, enabling remote attackers to send direct messages to BlueBubb...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 1:34 a.m.2 views

CVE-2026-22170 OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration

OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restrictions to be ineffective. Remote attackers can send direct messages to BlueBubbles accounts by...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/18 1:34 a.m.3 views

EUVD-2026-12712

OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restrictions to be ineffective. Remote attackers can send direct messages to BlueBubbles accounts by...

6.3CVSS5.8AI score0.00255EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/18 1:34 a.m.34 views

CVE-2026-22170 OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration

OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restrictions to be ineffective. Remote attackers can send direct messages to BlueBubbles accounts by...

6.5CVSS0.00255EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/18 1:34 a.m.3 views

CVE-2026-22170

OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restrictions to be ineffective. Remote attackers can send direct messages to BlueBubbles accounts by...

6.3CVSS5.8AI score0.00255EPSS
Exploits0References7
OSV
OSV
added 2026/03/18 1:34 a.m.5 views

CVE-2026-22170 OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration

OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restrictions to be ineffective. Remote attackers can send direct messages to BlueBubbles accounts by...

6.3CVSS6.6AI score0.00255EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.3 views

CVE-2026-29611

OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...

8.2CVSS5.9AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-29613

OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles optional plugin webhook handler in which it authenticates requests based solely on loopback remoteAddress without validating forwarding headers, allowing bypass of configured webhook passwords. When the gateway operat...

8.2CVSS5.9AI score0.00408EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/06 1:0 a.m.3 views

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the webhook process of the BlueBubbles plugin due to trusting the loopback remoteAddress without validating forwarding headers. An attacker...

8.2CVSS5.9AI score0.00408EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 10:16 p.m.7 views

CVE-2026-29611

OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...

8.2CVSS0.00292EPSS
Exploits0References3
NVD
NVD
added 2026/03/05 10:16 p.m.9 views

CVE-2026-29613

OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles optional plugin webhook handler in which it authenticates requests based solely on loopback remoteAddress without validating forwarding headers, allowing bypass of configured webhook passwords. When the gateway operat...

8.2CVSS0.00408EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 10:0 p.m.3 views

CVE-2026-29613

OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles optional plugin webhook handler in which it authenticates requests based solely on loopback remoteAddress without validating forwarding headers, allowing bypass of configured webhook passwords. When the gateway operat...

8.2CVSS6.1AI score0.00408EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/05 10:0 p.m.5 views

EUVD-2026-9937

OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles optional plugin webhook handler in which it authenticates requests based solely on loopback remoteAddress without validating forwarding headers, allowing bypass of configured webhook passwords. When the gateway operat...

8.2CVSS6.1AI score0.00408EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 10:0 p.m.30 views

CVE-2026-29613

OpenClaw is affected in versions prior to 2026.2.12, where the BlueBubbles optional plugin webhook handler authenticates requests only by loopback remoteAddress and does not validate forwarding headers. This allows an unauthenticated attacker, especially when behind a reverse proxy, to reach the ...

8.2CVSS6.1AI score0.00408EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/05 10:0 p.m.4 views

CVE-2026-29613 OpenClaw < 2026.2.12 - Webhook Authentication Bypass via Loopback remoteAddress Trust

OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles optional plugin webhook handler in which it authenticates requests based solely on loopback remoteAddress without validating forwarding headers, allowing bypass of configured webhook passwords. When the gateway operat...

8.2CVSS6.1AI score0.00408EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/05 10:0 p.m.34 views

CVE-2026-29611 OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling

OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...

8.2CVSS0.00292EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 10:0 p.m.2 views

CVE-2026-29611 OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling

OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...

8.2CVSS5.9AI score0.00292EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 10:0 p.m.5 views

CVE-2026-29611

OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...

8.2CVSS6AI score0.00292EPSS
Exploits0References4
Rows per page
Query Builder