Lucene search
K

5 matches found

NVD
NVD
added 2026/03/29 1:17 p.m.4 views

CVE-2026-32923

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted as trusted system events, injecting reaction text into...

5.4CVSS0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.20 views

CVE-2026-32923 OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted as trusted system events, injecting reaction text into...

5.4CVSS0.00151EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 10:7 p.m.4 views

EUVD-2026-13304

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

6.3CVSS5.8AI score0.00198EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/13 6:58 p.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the Discord reaction ingestion for guild channels. An attacker can gain unauthorized access to restricted session events by sending reaction events from a...

5.4CVSS5.8AI score0.00151EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/03 9:25 p.m.7 views

OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups

Summary In OpenClaw = 2026.2.25 Fix Commits - aedf62ac7e669a89c7b299201bf6537dc6b12e0e Release Process Note patchedversions is pre-set to the release 2026.2.25 so after npm release the advisory is published. Thanks @tdjackey for reporting...

6.3CVSS6AI score0.00198EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder