4 matches found
CVE-2026-53815 OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions
OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...
CVE-2026-53815
OpenClaw is affected by an authorization bypass in the message read actions present before 2026.5.19. The root cause is insufficient validation that should enforce channel allowlists, allowing lower-trust callers to request messages from channels not intended for them and exposing potentially sen...
PT-2026-36101
Name of the Vulnerable Software and Affected Versions nanobot affected versions not specified Description An issue exists where including the | character in a sender address allows an attacker to bypass the Channel allowlist. This bypass provides full access to the Agent Loop, exposing all tools,...
CVE-2026-41381
OpenClaw =2026.3.31 (as per GHSA-CQGW-44WG-44RF), and the CVSS data shows a CVSSv3.1 base score around 5.4 (MEDIUM) with network attack vector and low confidentiality/integrity impact. No exploitation details beyond the advisory are provided in the documents. Remediation: upgrade openclaw to the ...