2 matches found
CVE-2026-25474
OpenClaw (openclaw) contains a vulnerability in versions 2026.1.30 and earlier where, if channels.telegram.webhookSecret is not set while operating in Telegram webhook mode, it may accept webhook requests without verifying Telegram’s secret header. This can allow an attacker who can reach the web...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-25474 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-25474 Source advisory: OSV:GHSA-MP5H-M6QJ-6292...