8 matches found
CVE-2026-53857
OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers with mutable display names could receive agent responses intended for different Zalo identities when...
CVE-2026-53849
CVE-2026-53849 — OpenClaw prior to 2026.5.7 : A privilege-escalation in which the allowFrom feature validates Discord identity via mutable display names instead of immutable user IDs. An attacker with a Discord account can alter their display name to align with a policy entry and gain unauthorize...
CVE-2026-53823
OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other...
CVE-2026-53823 OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom
OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other...
CVE-2026-53823
OpenClaw is affected by a privilege-escalation vulnerability in the allowFrom feature, where binding to mutable Slack display names enables an attacker with Slack account access to alter display name metadata to match policy entries and gain unauthorized agent access intended for other identities...
CVE-2026-53823 OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom
OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other...
CVE-2026-53811 OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another...
CVE-2026-35617 OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources...