25 matches found
Duplicate Advisory: OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rvvf-6vh3-9j43. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete...
Duplicate Advisory: OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group...
GHSA-PR66-WHQJ-RQ5P Duplicate Advisory: OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group...
GHSA-QGP3-3RJ7-QQQ4 Duplicate Advisory: OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rvvf-6vh3-9j43. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete...
EUVD-2026-25325
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...
EUVD-2026-25332
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...
CVE-2026-41341
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...
CVE-2026-41348
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...
CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...
CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...
CVE-2026-41341
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...
CVE-2026-41341
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. This misclassification can allow attackers to bypass group DM policy enforcement or ...
PT-2026-34779
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...
PT-2026-34772
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities were caused by logical errors in the Discord component’s interaction routing mechanism, which incorrectly categorize...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypasses in Discord’s slash commands and autocompleted paths, which failed to enforce...
OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message
Summary Discord Component Interaction Misclassifies Group DM as Direct Message Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impac...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the process that handles Discord component interactions, which incorrectly classifies Group Direct Messages as standard Direct Messages. An attacker can cause...
Incorrect Authorization
Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the process that handles Discord component interactions, which incorrectly classifies Group Direct Messages as standard Direct Messages. An attacker can...
GHSA-6336-QQW9-V6X6 OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message
Summary Discord Component Interaction Misclassifies Group DM as Direct Message Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impac...