Lucene search
K

142 matches found

NVD
NVD
added 2026/03/19 10:16 p.m.5 views

CVE-2026-32028

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

6.3CVSS0.00198EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 10:16 p.m.5 views

CVE-2026-32006

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paired identities...

3.1CVSS5.9AI score
Exploits0References3
CVE
CVE
added 2026/03/19 10:7 p.m.12 views

CVE-2026-32028

OpenClaw

6.3CVSS5.8AI score0.00198EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/19 10:7 p.m.4 views

EUVD-2026-13304

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

6.3CVSS5.8AI score0.00198EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:7 p.m.1 views

CVE-2026-32027

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. Attackers can exploit this cross-context authorization flaw by using a sender approved via DM pairing to satisfy...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/19 10:7 p.m.19 views

CVE-2026-32027 OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. Attackers can exploit this cross-context authorization flaw by using a sender approved via DM pairing to satisfy...

7.1CVSS0.00238EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 10:7 p.m.14 views

CVE-2026-32027

OpenClaw has an authorization bypass in versions prior to 2026.2.26. A DM pairing-store identity may be incorrectly eligible for group allowlist authorization checks, allowing attackers to satisfy group sender allowlist checks via a sender approved through DM pairing without explicit presence in ...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/19 10:6 p.m.28 views

CVE-2026-32006 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paired identities...

3.1CVSS0.00295EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 9:57 p.m.4 views

CVE-2026-33410

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

5.4CVSS5.8AI score0.00156EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 9:57 p.m.2 views

CVE-2026-33410 Discourse hardens chat DM channel creation and expansion

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

5.4CVSS5.9AI score0.00156EPSS
Exploits0References1
CVE
CVE
added 2026/03/19 9:57 p.m.11 views

CVE-2026-33410

Summary: CVE-2026-33410 affects Discourse before patches 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. There are two authorization issues in the chat direct message API. First, during direct message channel creation or when adding users, the target_groups parameter is passed directly to the user res...

5.4CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.8 views

Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wm8r-w8pf-2v6w. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist polic...

4.6CVSS5.7AI score0.00152EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/19 3:30 a.m.6 views

GHSA-R849-826X-WGQM Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wm8r-w8pf-2v6w. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist polic...

3.7CVSS5.7AI score0.00152EPSS
Exploits0References5
OSV
OSV
added 2026/03/19 2:16 a.m.3 views

CVE-2026-31991

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

4.6CVSS5.9AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:0 a.m.5 views

CVE-2026-31991

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

3.7CVSS5.8AI score0.00152EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/19 1:0 a.m.3 views

CVE-2026-31991 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

3.7CVSS5.8AI score0.00152EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/19 1:0 a.m.21 views

CVE-2026-31991 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

3.7CVSS0.00152EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 1:0 a.m.26 views

CVE-2026-31991

OpenClaw before version 2026.2.26 is affected by an authorization bypass in the Signal group allowlist caused by leakage from the DM pairing-store. Exploitation can allow an attacker to bypass group allowlist checks and gain unauthorized group access. A fix is available in 2026.2.26 or later; upg...

4.6CVSS5.8AI score0.00152EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from not enforcing dmPolicy and allowFrom authorization checks on Discord direct message response notifications, which can be exploited by an attacker to bypass DM...

6.3CVSS5.8AI score0.00198EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/12 2:21 p.m.8 views

OpenClaw: LINE group allowlist scope mismatch with DM pairing-store entries

Summary In specific LINE configurations, sender IDs approved through DM pairing could also satisfy group allowlist checks when operators expected group sender access to be scoped only to explicit group allowlists. Affected Packages / Versions - Package: openclaw npm - Latest published version at...

5.8AI score
Exploits0References4Affected Software1
Rows per page
Query Builder