Lucene search
K

4 matches found

Snyk
Snyk
added 2026/06/12 11:6 p.m.4 views

User Impersonation

Overview @openclaw/qqbot is an OpenClaw QQ Bot channel plugin for group and direct-message workflows. Affected versions of this package are vulnerable to User Impersonation in the QQBot streaming command. An attacker can alter configuration settings by accessing the command without meeting explic...

7.7CVSS5.9AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.19 views

CVE-2026-53833

OpenClaw before 2026.4.29 contains an authorization bypass in the QQBot streaming command that lets authenticated senders mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside the intended admin policy by accessing the affected co...

7.7CVSS5.3AI score0.00172EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.28 views

CVE-2026-53833 QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching t...

7.7CVSS0.00172EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.11 views

PT-2026-49037

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.29 Description An authorization bypass exists in the QQBot streaming command. This issue allows authenticated senders to modify configuration settings without explicit allowFrom restrictions. Attackers can...

7.7CVSS5.2AI score0.00172EPSS
Exploits0References8
Rows per page
Query Builder