Lucene search
K

10 matches found

Github Security Blog
Github Security Blog
added 2026/04/10 12:30 a.m.5 views

Duplicate Advisory: OpenClaw: Plivo V2 verified replay identity drifts on query-only variants

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cg6c-q2hx-69h7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows...

8.3CVSS5.8AI score0.00283EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/10 12:30 a.m.3 views

GHSA-J56C-WPQM-H24X Duplicate Advisory: OpenClaw: Plivo V2 verified replay identity drifts on query-only variants

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cg6c-q2hx-69h7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows...

8.3CVSS5.8AI score0.00283EPSS
Exploits0References5
NVD
NVD
added 2026/04/09 10:16 p.m.3 views

CVE-2026-35618

OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized...

8.3CVSS0.00283EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/09 9:26 p.m.23 views

CVE-2026-35618 OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification

OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized...

8.3CVSS0.00283EPSS
Exploits0References4
CVE
CVE
added 2026/04/09 9:26 p.m.11 views

CVE-2026-35618

OpenClaw OpenClaw package (Plivo V2 verification) vulnerability CVE-2026-35618 affects OpenClaw before 2026.3.23. The replay protection uses a replay key derived from the full verification URL, including query strings, instead of the base canonical URL. This allows an attacker to mint new verifie...

8.3CVSS6AI score0.00283EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 9:26 p.m.6 views

CVE-2026-35618 OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification

OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized...

8.3CVSS5.8AI score0.00283EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31757

OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized...

8.3CVSS6AI score0.00283EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.23 contained security vulnerabilities. These vulnerabilities stemmed from a replay vulnerability in Plivo V2 signature verification, allowing attackers to bypass replay protecti...

8.3CVSS5.8AI score0.00283EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/26 6:56 p.m.4 views

OpenClaw: Plivo V2 verified replay identity drifts on query-only variants

Summary Before v2026.3.23, the Plivo V2 verification path treated query-only variants of the same signed request as fresh verified work. Plivo V2 signatures authenticate baseUrl + nonce, but the replay key was derived from the full verification URL including the query string, so unsigned query-on...

8.3CVSS5.9AI score0.00283EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/26 6:56 p.m.2 views

GHSA-CG6C-Q2HX-69H7 OpenClaw: Plivo V2 verified replay identity drifts on query-only variants

Summary Before v2026.3.23, the Plivo V2 verification path treated query-only variants of the same signed request as fresh verified work. Plivo V2 signatures authenticate baseUrl + nonce, but the replay key was derived from the full verification URL including the query string, so unsigned query-on...

8.2CVSS5.8AI score0.00283EPSS
Exploits0References6
Rows per page
Query Builder