Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 8:8 p.m.11 views

CVE-2026-53815 OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS5.2AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:8 p.m.23 views

CVE-2026-53815

OpenClaw is affected by an authorization bypass in the message read actions present before 2026.5.19. The root cause is insufficient validation that should enforce channel allowlists, allowing lower-trust callers to request messages from channels not intended for them and exposing potentially sen...

7.1CVSS5.5AI score0.00215EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.9 views

PT-2026-36101

Name of the Vulnerable Software and Affected Versions nanobot affected versions not specified Description An issue exists where including the | character in a sender address allows an attacker to bypass the Channel allowlist. This bypass provides full access to the Agent Loop, exposing all tools,...

5.2AI score0.00069EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:9 p.m.13 views

CVE-2026-41381

OpenClaw =2026.3.31 (as per GHSA-CQGW-44WG-44RF), and the CVSS data shows a CVSSv3.1 base score around 5.4 (MEDIUM) with network attack vector and low confidentiality/integrity impact. No exploitation details beyond the advisory are provided in the documents. Remediation: upgrade openclaw to the ...

5.4CVSS5.3AI score0.00222EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder