3 matches found
User Impersonation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation via the allowFrom process. An attacker can gain unauthorized access to agent privileges intended for another Discord identity by exploiting mutable display name metadat...
CVE-2026-53849
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers with Discord accounts can change their display name to match a policy entry and gai...
CVE-2026-53849
CVE-2026-53849 — OpenClaw prior to 2026.5.7 : A privilege-escalation in which the allowFrom feature validates Discord identity via mutable display names instead of immutable user IDs. An attacker with a Discord account can alter their display name to align with a policy entry and gain unauthorize...