3 matches found
CVE-2026-28474
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant. Versions of OpenClaw prior to 2026.2.6 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in allowlist validation, which accepted equality matches on the mutable actor.name field. This could allow attacker...
User Impersonation
Overview: @openclaw/matrix is an OpenClaw Matrix channel plugin. Affected versions of this package are vulnerable to User Impersonation via channels.matrix.dm.allowFrom. An attacker can impersonate an allowed identity and gain unauthorized access to the routing or agent pipeline by manipulating...