Lucene search
+L

9 matches found

CVE
CVE
added 11 hours ago5 views

CVE-2026-62212

CVE-2026-62212 affects OpenClaw prior to 2026.5.28. A race condition exists in the MS Teams safeFetch DNS rebinding check when the affected feature is enabled and reachable. A lower-trust caller or configured input path could win the timing window between DNS validation and usage, enabling action...

7.1CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 11 hours ago5 views

CVE-2026-62208 OpenClaw < 2026.6.5 Authorization Header Forwarding via SSE

OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's...

6.5CVSS
Exploits0References2
OSV
OSV
added 4 days ago6 views

CVE-2026-62193 OpenClaw 2026.6.5 < 2026.6.9 Authentication Bypass via Plugin Install

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...

6.9CVSS6.2AI score0.00184EPSS
Exploits0References5
CVE
CVE
added 4 days ago9 views

CVE-2026-62193

OpenClaw is affected: versions 2026.6.5 to before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy (authorization) check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist ...

6.9CVSS6.2AI score0.00184EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-62187 OpenClaw < 2026.6.9 Feishu tools Authorization Bypass

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS0.00213EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CVE-2026-62187 OpenClaw < 2026.6.9 Feishu tools Authorization Bypass

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References5
OSV
OSV
added 2026/06/16 6:5 p.m.2 views

CVE-2026-53851 OpenClaw < 2026.5.12 - Slack Reaction Event Notification Bypass

OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite disabled reaction notifications. Attackers can trigger unintended agent processing by sending reaction events when the feature is enabled, potentially leading ...

6.3CVSS6AI score0.00191EPSS
Exploits0References5
CVE
CVE
added 2026/06/16 6:5 p.m.19 views

CVE-2026-53851

CVE-2026-53851 affects OpenClaw prior to version 2026.5.12. A notification bypass allows Slack reaction events to be processed by the agent pipeline even when reaction notifications are disabled. An attacker can trigger unintended agent processing by sending reaction events while the feature is e...

6.3CVSS5.3AI score0.00191EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49768

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description A notification bypass allows Slack reaction events to enter the agent pipeline even when reaction notifications are disabled. This can trigger unintended agent processing for reaction events,...

6.3CVSS5.2AI score0.00191EPSS
Exploits0References5
Rows per page
Query Builder