9 matches found
EUVD-2026-21138
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted...
CVE-2026-35642
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted...
CVE-2026-35642
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted...
CVE-2026-35642
Technical details (affected components, root cause specifics, impacted versions, or exploits) are not publicly available in the supplied documents. Monitor for updates in connected advisories.
CVE-2026-35642 OpenClaw < 2026.3.25 - Authorization Bypass in Group Reactions via requireMention Bypass
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted...
CVE-2026-35642 OpenClaw < 2026.3.25 - Authorization Bypass in Group Reactions via requireMention Bypass
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted...
Incorrect Authorization
Overview @openclaw/bluebubbles is an OpenClaw BlueBubbles channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the requireMention process. An attacker can trigger agent-visible system events in group chats that are intended to be mention-gated by sending...
GHSA-MW7W-G3MG-XQM7 OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events
Summary BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...
OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events
Summary BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...