10 matches found
CVE-2026-35655
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...
CVE-2026-35655
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...
CVE-2026-35655 OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...
CVE-2026-35655 OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...
EUVD-2026-21456
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...
CVE-2026-35655
OpenClaw before 2026.3.22 is affected by an identity spoofing vulnerability in ACP permission resolution, where conflicting tool identity hints from rawInput and metadata can be spoofed to suppress dangerous-tool prompting and bypass security restrictions. Root cause: trust of conflicting tool id...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from identity deception in ACP permission resolution, allowing attackers to forge tool identities through th...
PT-2026-31966
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security...
OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting
Summary ACP permission resolution trusted conflicting tool identity hints from rawInput and metadata, which could suppress dangerous-tool prompting. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the resolvePermissionRequest, resolveToolNameForPermission, and shouldAutoApproveToolCall functions. An attacker can gain unauthorized access to resources by...