Lucene search
K

62 matches found

Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.10 views

PT-2026-33866

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.4 views

CVE-2026-35621 OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence

OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to build an internal...

7.1CVSS5.8AI score0.00264EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/10 4:3 p.m.25 views

CVE-2026-35621 OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence

OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to build an internal...

7.1CVSS0.00264EPSS
Exploits1References2
CVE
CVE
added 2026/04/10 4:3 p.m.10 views

CVE-2026-35621

OpenClaw

7.1CVSS5.8AI score0.00264EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-31956

OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to build an internal...

7.1CVSS5.8AI score0.00264EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/07 6:11 p.m.6 views

Improper Handling of Insufficient Permissions or Privileges

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the operator.write module reaching admin-class Talk Voice configuration persistence through chat.send. An attacker can gain...

6.9CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/07 6:11 p.m.10 views

OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send

Summary Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Talk Voice config persistence bug, but it is the same narrow...

7.1CVSS5.9AI score0.00243EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/01 12:0 a.m.2 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through the chat.send process. An attacker can trigger a session reset, archive the prior transcript state, and force a new session ID for a target session by...

8.5CVSS5.9AI score0.00255EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/01 12:0 a.m.9 views

OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`

Summary The chat.send path reused command authorization to trigger /reset session rotation even though direct session reset is an admin-only control-plane operation. Impact A write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id...

5.9AI score
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/31 11:57 p.m.13 views

Reliance on Untrusted Inputs in a Security Decision

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the chat.send process. An attacker can inject unauthorized provenance fields by spoofing client identity metadata during the...

8.6CVSS5.9AI score0.00203EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 11:57 p.m.3 views

GHSA-6XG4-82HV-CP6F OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing

Summary ACP-only provenance fields in chat.send were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state. Impact A normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 11:57 p.m.5 views

GHSA-5H2W-QMFP-GGP6 OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`

Summary The chat.send path let authorized write-scoped callers persist /verbose session overrides even though the same stored session mutation is admin-only through sessions.patch. Impact A write-scoped gateway caller could persist verbose output for later runs and expose more reasoning or tool...

5.4CVSS5.9AI score0.00209EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/31 11:57 p.m.8 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send process. An attacker can persist verbose output for future sessions and expose additional internal reasoning or tool output by leveraging...

7.1CVSS5.9AI score0.00209EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/31 11:57 p.m.11 views

OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`

Summary The chat.send path let authorized write-scoped callers persist /verbose session overrides even though the same stored session mutation is admin-only through sessions.patch. Impact A write-scoped gateway caller could persist verbose output for later runs and expose more reasoning or tool...

8.8CVSS5.9AI score0.00209EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/30 6:52 p.m.8 views

GHSA-94PW-C6M8-P9P9 OpenClaw: Gateway operator.write Can Reach Admin-Class Channel Allowlist Persistence via chat.send

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The shared /allowlist command persists channel authorization config through writeConfigFile... but does not re-validate gateway client scopes for internal gateway callers. Because chat.send is intentionally reachable to...

7.1CVSS5.9AI score0.00264EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/30 6:52 p.m.4 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management through the /allowlist process. An attacker can escalate privileges by using an authenticated gateway client with operator.write scope to persist unauthorize...

7.1CVSS5.9AI score0.00264EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/30 6:52 p.m.7 views

OpenClaw: Gateway operator.write Can Reach Admin-Class Channel Allowlist Persistence via chat.send

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The shared /allowlist command persists channel authorization config through writeConfigFile... but does not re-validate gateway client scopes for internal gateway callers. Because chat.send is intentionally reachable to...

7.1CVSS5.9AI score0.00264EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/09 7:54 p.m.4 views

GHSA-HFPR-JHPQ-X4RM OpenClaw: `operator.write` chat.send could reach admin-only config writes

Summary A gateway client authenticated with operator.write could route /config set or /config unset through chat.send and reach persistent config mutation even though direct config RPC methods are admin-scoped. Affected Packages / Versions - Package: openclaw npm - Latest published vulnerable...

4.3CVSS5.8AI score
Exploits0References4
Snyk
Snyk
added 2026/03/09 7:54 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send process. An attacker can perform unauthorized persistent configuration changes by routing /config set or /config unset commands through an...

5.3CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/09 7:54 p.m.16 views

OpenClaw: `operator.write` chat.send could reach admin-only config writes

Summary A gateway client authenticated with operator.write could route /config set or /config unset through chat.send and reach persistent config mutation even though direct config RPC methods are admin-scoped. Affected Packages / Versions - Package: openclaw npm - Latest published vulnerable...

5.8AI score
Exploits0References4Affected Software1
Rows per page
Query Builder