Lucene search
K

8 matches found

NVD
NVD
added 2026/04/28 7:37 p.m.8 views

CVE-2026-41376

OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls...

6.5CVSS0.00157EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/28 12:31 a.m.6 views

Duplicate Advisory: OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-chfm-xgc4-47rj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Gra...

5.4CVSS5.7AI score0.00177EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/04/02 9:1 p.m.9 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the Graph API process. An attacker can access message thread history that should be restricted by sender allowlists by querying the API directly, potentially...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References2
OSV
OSV
added 2026/04/02 9:1 p.m.4 views

GHSA-CHFM-XGC4-47RJ OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API

Summary MSTeams thread history bypasses sender allowlist via Graph API Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28 MS Teams because Graph-fetched thread history bypasses sender allowlists, with unreleased mainline filtering fix...

2.3CVSS5.9AI score0.00177EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/02 9:0 p.m.9 views

OpenClaw: Matrix thread root and reply context bypass sender allowlist

Summary Matrix thread root and reply context bypass sender allowlist Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28 Matrix because fetched thread-root/reply context bypasses sender allowlists, with unreleased mainline filtering fix...

6.5CVSS5.8AI score0.00157EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/29 3:49 p.m.7 views

OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback

Summary MS Teams Feedback Invoke Bypasses Sender Allowlists and Records Unauthorized Session Feedback Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Microso...

6.9CVSS5.9AI score0.00227EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/29 3:49 p.m.18 views

GHSA-RF6H-5GPW-QRGQ OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback

Summary MS Teams Feedback Invoke Bypasses Sender Allowlists and Records Unauthorized Session Feedback Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Microso...

6.9CVSS5.9AI score0.00227EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.8 views

PT-2026-23532

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.2 OpenClaw versions 2026.1.30 and earlier Description When Telegram webhook mode is enabled without a configured webhook secret, the software may accept unauthenticated HTTP POST requests at the Telegram webho...

9.8CVSS5.9AI score0.00255EPSS
Exploits0References12
Rows per page
Query Builder