Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/11 8:5 p.m.32 views

CVE-2026-53807 OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.allowFrom

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

8.8CVSS0.00312EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 8:5 p.m.13 views

EUVD-2026-36313

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

8.8CVSS5.5AI score0.00312EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 2:10 p.m.25 views

CVE-2026-33578 OpenClaw < 2026.3.28 - Sender Policy Allowlist Bypass via Policy Downgrade in Google Chat and Zalouser Extensions

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...

5.3CVSS0.00297EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/04 6:55 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the processing of Slack interactive callbacks, specifically blockaction, viewsubmission, and viewclosed. An attacker can inject unauthorized system-event text...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References2
Rows per page
Query Builder