Lucene search
K

14 matches found

EUVD
EUVD
added 14 hours ago5 views

EUVD-2026-43565

OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...

8.6CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 14 hours ago3 views

EUVD-2026-43566

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-62188

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-62188

OpenClaw @openclaw/feishu (versions

8.6CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday16 views

CVE-2026-62188 OpenClaw < 2026.6.9 Feishu Authorization Bypass

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/07 6:14 p.m.5 views

OpenClaw: Pairing pending-request caps were enforced per channel instead of per account

Summary Before OpenClaw 2026.3.31, pending pairing-request caps were enforced per channel file instead of per account. On multi-account channel setups, requests from other accounts could fill the shared pending window and block new pairing challenges on an unaffected account. Impact This issue...

7.5CVSS5.9AI score0.00417EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/07 6:14 p.m.9 views

GHSA-WWFP-W96M-C6X8 OpenClaw: Pairing pending-request caps were enforced per channel instead of per account

Summary Before OpenClaw 2026.3.31, pending pairing-request caps were enforced per channel file instead of per account. On multi-account channel setups, requests from other accounts could fill the shared pending window and block new pairing challenges on an unaffected account. Impact This issue...

6.3CVSS5.8AI score0.00417EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/26 9:45 p.m.6 views

OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision

Summary Synology Chat multi-account configuration could collapse onto a shared webhook path, replacing route ownership and bypassing per-account DM policy separation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/26 9:45 p.m.3 views

GHSA-RQP8-Q22P-5J9Q OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision

Summary Synology Chat multi-account configuration could collapse onto a shared webhook path, replacing route ownership and bypassing per-account DM policy separation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.9CVSS5.9AI score0.00245EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/03 11:8 p.m.10 views

OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing

Summary When Nextcloud Talk webhook signing was valid, replayed requests could be accepted without durable replay suppression, allowing duplicate inbound processing after replay-window expiry or process restart. Details OpenClaw's Nextcloud Talk webhook path verified HMACsecret, random + body but...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/03 11:8 p.m.4 views

GHSA-R9Q5-C7QC-P26W OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing

Summary When Nextcloud Talk webhook signing was valid, replayed requests could be accepted without durable replay suppression, allowing duplicate inbound processing after replay-window expiry or process restart. Details OpenClaw's Nextcloud Talk webhook path verified HMACsecret, random + body but...

5.3CVSS5.9AI score0.00267EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.9 views

PT-2026-26224

Summary When Nextcloud Talk webhook signing was valid, replayed requests could be accepted without durable replay suppression, allowing duplicate inbound processing after replay-window expiry or process restart. Details OpenClaw's Nextcloud Talk webhook path verified HMACsecret, random + body but...

6.5CVSS5.8AI score0.00267EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/02/19 11:18 p.m.6 views

CVE-2026-27004 OpenClaw session tool visibility hardening and Telegram webhook secret fallback

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in...

6.9CVSS5.5AI score0.00105EPSS
Exploits0References2
OSV
OSV
added 2026/02/19 11:18 p.m.8 views

CVE-2026-27004 OpenClaw session tool visibility hardening and Telegram webhook secret fallback

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in...

6.9CVSS5.5AI score0.00105EPSS
Exploits0References4
Rows per page
Query Builder