Lucene search
K

25 matches found

Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.12 views

Duplicate Advisory: OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rvvf-6vh3-9j43. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete...

5.4CVSS5.7AI score0.00177EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.6 views

Duplicate Advisory: OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group...

5.4CVSS5.7AI score0.00125EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/24 12:31 a.m.6 views

GHSA-PR66-WHQJ-RQ5P Duplicate Advisory: OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group...

5.4CVSS5.7AI score0.00125EPSS
Exploits0References5
OSV
OSV
added 2026/04/24 12:31 a.m.5 views

GHSA-QGP3-3RJ7-QQQ4 Duplicate Advisory: OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rvvf-6vh3-9j43. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete...

5.4CVSS5.7AI score0.00177EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/24 12:31 a.m.4 views

EUVD-2026-25325

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

5.4CVSS5.7AI score0.00125EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/24 12:31 a.m.6 views

EUVD-2026-25332

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References4
NVD
NVD
added 2026/04/23 10:16 p.m.7 views

CVE-2026-41341

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

5.4CVSS0.00125EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/23 9:58 p.m.4 views

CVE-2026-41348

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/23 9:58 p.m.35 views

CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

5.4CVSS0.00125EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/23 9:58 p.m.6 views

CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

5.4CVSS5.2AI score0.00125EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/23 9:58 p.m.4 views

CVE-2026-41341

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

5.4CVSS5.7AI score0.00125EPSS
Exploits0References4
CVE
CVE
added 2026/04/23 9:58 p.m.14 views

CVE-2026-41341

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. This misclassification can allow attackers to bypass group DM policy enforcement or ...

5.4CVSS5.7AI score0.00125EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.6 views

PT-2026-34779

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34772

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

5.4CVSS5.7AI score0.00125EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities were caused by logical errors in the Discord component’s interaction routing mechanism, which incorrectly categorize...

5.4CVSS5.9AI score0.00125EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypasses in Discord’s slash commands and autocompleted paths, which failed to enforce...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/03 3:26 a.m.4 views

OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Summary Discord Component Interaction Misclassifies Group DM as Direct Message Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impac...

5.4CVSS5.9AI score0.00125EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/04/03 3:26 a.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the process that handles Discord component interactions, which incorrectly classifies Group Direct Messages as standard Direct Messages. An attacker can cause...

5.4CVSS5.9AI score0.00125EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:26 a.m.2 views

Incorrect Authorization

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the process that handles Discord component interactions, which incorrectly classifies Group Direct Messages as standard Direct Messages. An attacker can...

5.4CVSS5.8AI score0.00125EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 3:26 a.m.5 views

GHSA-6336-QQW9-V6X6 OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Summary Discord Component Interaction Misclassifies Group DM as Direct Message Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impac...

5.4CVSS5.9AI score0.00125EPSS
Exploits0References6
Rows per page
Query Builder