9 matches found
CVE-2026-41406
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content...
CVE-2026-41406
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content...
CVE-2026-41406 OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Thread History and Quoted Messages
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content...
EUVD-2026-26113
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content...
CVE-2026-41406
OpenClaw (npm) is affected by CVE-2026-41406: before 2026.3.31, a sender allowlist bypass via thread history and quoted messages allows remote attackers to access restricted messages. The root cause is bypassing the sender allowlist by exploiting fetched quoted, root, and thread context messages....
PT-2026-35789
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A sender allowlist bypass allows remote attackers to access restricted messages. This is achieved by exploiting fetched quoted, root, and thread context messages to circumvent restrictions and...
Incorrect Authorization
Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Incorrect Authorization in the process that fetches quoted, root, or thread context messages, which bypasses the sender allowlist. An attacker ca...
GHSA-877V-W3F5-3PCQ OpenClaw: Feishu thread history and quoted messages bypass sender allowlist
Summary Feishu thread history and quoted messages bypass sender allowlist Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28 Feishu because fetched quoted/root/thread context bypasses sender allowlists, and SECURITY.md does not exempt...
OpenClaw: Feishu thread history and quoted messages bypass sender allowlist
Summary Feishu thread history and quoted messages bypass sender allowlist Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28 Feishu because fetched quoted/root/thread context bypasses sender allowlists, and SECURITY.md does not exempt...