269 matches found
Incorrect Authorization
Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing b...
OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From
Summary commands.allowFrom is documented as a sender authorization allowlist for commands/directives, but command authorization could include ctx.From conversation identity as a sender candidate. When commands.allowFrom contained conversation-like identifiers for example Discord channel: or...
GHSA-792Q-QW95-F446 OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
Summary In a narrow Signal reaction-notification path, reaction-only inbound events could enqueue a status event before sender access checks were applied. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.24 latest published at patch time - Fixed: 2026.2.25 Details In the...
OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback
Summary In [email protected], BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. A sender that was only DM-paired not explicitly present in groupAllowFrom could pass group sender check...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization incomplete access checks in authenticated DM sessions for owner-only gateway tools. An attacker can perform unauthorized gateway actions by invoking specific tool...
GHSA-2HM8-RQRM-XFJQ OpenClaw's owner-only gateway tool access checks were incomplete in specific authenticated DM flows
Summary In authenticated non-owner DM sessions, a narrow tool-invocation path could reach broader-than-intended owner-only gateway actions. Impact This requires an authenticated non-owner sender in a DM session and a specific tool invocation path. No unauthenticated access is involved, and this...
OpenClaw's owner-only gateway tool access checks were incomplete in specific authenticated DM flows
Summary In authenticated non-owner DM sessions, a narrow tool-invocation path could reach broader-than-intended owner-only gateway actions. Impact This requires an authenticated non-owner sender in a DM session and a specific tool invocation path. No unauthenticated access is involved, and this...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the dm reaction notification process. An attacker can bypass authorization checks and enqueue unauthorized reaction-derived system events by reacting to...
GHSA-354R-7MFH-7RH2 OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups
Summary In OpenClaw = 2026.2.25 Fix Commits - aedf62ac7e669a89c7b299201bf6537dc6b12e0e Release Process Note patchedversions is pre-set to the release 2026.2.25 so after npm release the advisory is published. Thanks @tdjackey for reporting...
GHSA-RM2P-J3R7-4X4J OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress
Summary OpenClaw Slack monitor handled reaction and pin non-message events before applying sender-policy checks consistently. In affected versions, these events could be added to system-event context even when sender policy would not normally allow them. Affected Packages / Versions - Package: np...
OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress
Summary OpenClaw Slack monitor handled reaction and pin non-message events before applying sender-policy checks consistently. In affected versions, these events could be added to system-event context even when sender policy would not normally allow them. Affected Packages / Versions - Package: np...
Allocation of Resources Without Limits or Throttling
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Telegram DM message handling. An attacker can cause unauthorized media files to be downloaded and written to disk by sending...
GHSA-H656-5VCF-CM23 OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check
Impact In Telegram DM mode, inbound media was downloaded and written to disk before sender authorization checks completed. An unauthorized sender could trigger inbound media download/write activity including media groups even when DM access should be denied. Affected Packages / Versions - Package...
BIT-DISCOURSE-2026-27153 Discourse doesn't prevent moderators from exporting user Chat DMs
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in canexportentity?. The method allowed moderators to export any entity not explicit...
CVE-2026-27152
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...
CVE-2026-27153 Discourse doesn't prevent moderators from exporting user Chat DMs
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in canexportentity?. The method allowed moderators to export any entity not explicit...
CVE-2026-27153 Discourse doesn't prevent moderators from exporting user Chat DMs
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in canexportentity?. The method allowed moderators to export any entity not explicit...
CVE-2026-27153 Discourse doesn't prevent moderators from exporting user Chat DMs
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in canexportentity?. The method allowed moderators to export any entity not explicit...
EUVD-2026-8891
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...
CVE-2026-27152
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...